[Sugar-devel] [PATCH] webactivity: seed the XS cookie at startup

Hal Murray hmurray at megapathdsl.net
Thu Feb 12 14:22:07 EST 2009


> note that if the XS is acting as a proxy the cache issue can be
> addressed.  The XS can get a copy of the XO client cert at
> registration time, and with  it can decrypt the HTTPS traffic and
> cache the unencrypted version. this  is a lot of cpu, but it's on the
> XS not the XO, so it shouldn't be as bad  (and there are hardware SSL
> encryption cards available that can be put in  an XS for high-volume
> situations) 

I'm not a security wizard, but I get uncomfortable when anybody suggests 
giving out copies of keys, certs, or passwords.

Is this an acceptable case?  Why?  How would you explain the subtlies to a 
kid?  How many adults give their passwords to phishers?



-- 
These are my opinions, not necessarily my employer's.  I hate spam.





More information about the Sugar-devel mailing list