SSL Alternative


#1

DH has no SSL, is there any combination of javascript+server side scripting product to emulate SSL function ? :slight_smile:

Any suggestion is greatly appreciated.

Jonathan

Get 200GB[L1 Plan], $50, PLUS 1 additional Free Domain with [color=#CC0000]50AND1DOMAIN[/color] promo code. Sign Up NOW


#2

Uhmm… I don’t know where you got your information from, but it’s completely incorrect. DreamHost does in fact offer SSL, but you need to purchase a Unique IP in order to actually use it - which makes perfect sense considering how SSL goes about securing your connection to the server :slight_smile:


Chips N Cheese - Custom PHP installs and the like!


#3

Hm, then I mean with no unique IP. :slight_smile:

Some host also provides shared ssl, I don’t know why DH doesn’t. I have make suggestion through panel, meanwhile I’m going with any research for the encrypted alternative.

Jonathan

Get 200GB[L1 Plan], $50, PLUS 1 additional Free Domain with [color=#CC0000]50AND1DOMAIN[/color] promo code. Sign Up NOW


#4

That’s the one thing they don’t offer, that I never understood why. I’d guess it has something to do with complications they can foresee with their backend–but that’s just a guess.

I also submitted that as a suggestion a long time ago, but don’t ever remember seeing it show up.

But if you need it, the IP is pretty cheap and you can get your own cert pretty cheap. I’ve used the cheap certs from Godaddy without any problems.


:stuck_out_tongue: Save up to $96 at Dreamhost with ALMOST97 promo code (I get $1).
Or save $97 with THEFULL97.


#5

What, exactly, do you want to use this for ?

I mean sure, you can encode data server-side with AES and decode it client-side with a javascript AES library (which is slow, to say the least). You could probably even do a diffie-hellman key exchange in a HTTP conversation. But … why ? The time you will spend developing and bugtesting that on every browser will easily be more than a unique IP is worth, and you’ll not exclude people who do not have ecmascript enabled.

If you want actual SSL to be “emulated” by scripts, don’t bother; by the time your request would hit your server side script, it would be too late to start a proper SSL session.

If you just want the appearance of security, don’t bother. Either use SSL/TLS, or don’t encrypt the transport layer.

Shared SSL certs are icky, though should theoretically be possible; many browsers do not support it in the correct fashion, though. I wouldn’t hold my breath on DH support for these, though you might want to suggest it in their suggestions panel.


#6

If offered, I would use these to access the login screen/post for the administrative sections of my sites. I just don’t like cleartext usernames and passwords, but I don’t want to pay for a unique IP and certificate for every domain/subdomain where I have to log in administratively.

Or is there some way of doing that some other way?

Free unique IP and $67 off with promo code [color=#CC0000]FLENSFREEIP67[/color] or use [color=#CC0000]FLENS97[/color] for $97 off. Click here for more options


#7

Not really, unless they added digest authentication by now.

(though it should not be overly hard to have one administrative site for many domains :slight_smile:

If you really want to code a separate authentication mechanism, have a look at http://code.google.com/p/clipperz/ for a starting point on what to do.


#8

Just take a look at GoDaddy for TurboSSL, it is $19.99/year. It’s a good bargain, will consider to use it.

Thanks seiler !

Jonathan

Get 200GB[L1 Plan], $50, PLUS 1 additional Free Domain with [color=#CC0000]50AND1DOMAIN[/color] promo code. Sign Up NOW


#9

I need it to secure authentication process for my application’s backend administration.

Thanks for the info. Indeed, I have added it in the suggestion panel.

Jonathan

Get 200GB[L1 Plan], $50, PLUS 1 additional Free Domain with [color=#CC0000]50AND1DOMAIN[/color] promo code. Sign Up NOW


#10

There is absolutely no reason to pay for a cert in this case. None whatsoever. He wants to access his domain(s) administratively; a self-signed cert he created himself (for exactly zilch $$$) will be fine for that purpose; the communication will be exactly as secure as it would be with a commercial cert – he could even install his own CA locally and the browser would never “complain” about it.

Heck, you can even use self-signed certs on public sites. The commercially available ones don’t exactly give you any more security or even a reason to put more trust into the site; everybody can get a cert for every domain within 5 minutes, without proper ID checks – and that will cause the browser not to complain. Any user who trusts a site more “just” because it has a $$$-certificate is a fool. Too bad there are billions of fools running around :wink:


#11

here is a free tip
use OpenID (openid.net)
I use it on my sites and blogs .
see it on blog.bugabundo.net

from there, I use my openID account on two different servers, one beeing on myopenid, which provides HTTPS and even SSL cert login without password


BUGabundo :o)
promo here
50$ discount with promo code “BUG50” on ALL plans
Free lifetime Domain with “BUGDOMAIN” promo code


#12

It’s a good idea, but are their plugins available for the popular webapps like wordpress, gallery, joomla, etc? Don’t apps need to do SSO integration of some kind?

Free unique IP and $67 off with promo code [color=#CC0000]FLENSFREEIP67[/color] or use [color=#CC0000]FLENS97[/color] for $97 off. Click here for more options


#13

yes, there are FREE plugins for WP, Gallery2, Joomla and many others CMS.
The library it’s also available for any one who wants to implement it
http://openid.net/wiki/index.php/Libraries


BUGabundo :o)
promo here
50$ discount with promo code “BUG50” on ALL plans
Free lifetime Domain with “BUGDOMAIN” promo code