Quote:
Originally Posted by Don
|
The article doesn't however take into account that once that data passes through the SSL portion of the communication it can be converted back into non-ssl traffic. A company that i had dealings with once did this. They transferred the clients data into their private network via SSL (HTTPS) but once it passed into there it was transmitted in open format the rest of the way around their private network from server to server. Bear in mind that their network had multiple layers of firewalls but if they had gotten hacked or had an employee that started to become a problem lots of data could be collected. My philosophy since I design secure networks for ecommerce and privacy is that if it goes over the wire, encrypt it, period.