jCryption + CRAM是SSL的好选择? [英] jCryption + CRAM are a good alternative to SSL?
问题描述
我想知道 jCryption +挑战响应认证机制是否是SSL的良好替代品。 p>
我知道SSL非常好,但是我正在建立一个所有者不想购买SSL证书的项目,我想找到一个解决方案给予最好的安全方法,可以在不使用SSL的情况下获得。
任何想法?
不,不是。
刚刚在我头上,我可以想到很多原因:HTTP头仍然未加密,密钥交换容易受到中间人攻击,您对客户端代码的信任度高。
只需使用来自Startcom的免费SSL证书。
I would like to know if jCryption + Challenge Response Authentication Mechanism are a good alternative to SSL.
I know that SSL is very much better, but I'm making a project where the owner don't want to buy a SSL certificate and, I would like to find a solution to give the best security approach that could be acquired without the use of SSL.
Any ideas?
No, it's not.
Just off the top of my head, I can think of many reasons: HTTP headers are still unencrypted, the key exchange is vulnerable to man-in-the-middle attacks, and you're putting a high degree of trust in client-side code.
Just use a free SSL certificate from Startcom.
这篇关于jCryption + CRAM是SSL的好选择?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!