[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 462
  • Last Modified:

Yahoo's ssl folder as good as buying a certificate from Verisign

Hello,

Is using the SSL folder from my hosting service ( Yahoo) as good as using a certificate from Verisign or Thawte for security?

Bob
0
weikelbob
Asked:
weikelbob
  • 6
  • 3
  • 2
1 Solution
 
ahoffmannCommented:
no
'cause any compromised page on the same server using this cert compromises your security too, just think of website spoofing in any of its ways
0
 
weikelbobAuthor Commented:
It's Yahoo, so if any! page gets hacked into using Yahoo's certificate then my security is compromised. That doesn't sound like good enough security.

What is it good for?
0
 
TintinCommented:
Your question doesn't make any sense.

What do you mean by "SSL folder"?  
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
weikelbobAuthor Commented:
There is a folder in Yahoo's directories that I use for hosting that is named SSL, and Yahoo has suggested to put any pages into it that you want to be secure. How secure is it, and what can I use it for?

Bob

0
 
TintinCommented:
OK, I think I understand now.

As to how secure it is depends on the server security and permissions.  If there is a way for a user to get to your files (from server level), then it doesn't really matter if the pages/files are available via HTTPS as they will be compromised.

I have no idea what sort of server security level Yahoo use, but one would hope they are pretty serious about it.

The use is really up to you.  If you have something like a shopping cart or some sensitive information, then making it available via HTTPS is a good option.
0
 
weikelbobAuthor Commented:
What are the benefits of using a separate certificate over using the SSL folder mentioned above?

Bob
0
 
TintinCommented:
Using a separate certificate allows you to run HTTPS server with your own domain name, rather than having to share someone elses, like Yahoo.
0
 
weikelbobAuthor Commented:
OK, and if Yahoo is secure, then it's OK to share.

Is there any way to check to see if Yahoo is indeed secure?

Bob
0
 
ahoffmannCommented:
>  page gets hacked
didn't say that a page needs to be hacked
a simple and very common vulnerability (I'd say 99% of all web pages) is XSS, measn that any XSS somewhere on the server to which the cert belongs, breaks the truts of the cert

Also, if I get presented a cert from yahoo, why should I believe that *your* page is trustworthy also?
(this is not an offence, but a question according security/trustworthy/cert/etc.)

> Is there any way to check to see if Yahoo is indeed secure?
what is "insecure" for your?
0
 
weikelbobAuthor Commented:
OK, I guess that I'll put my regular people in a SSL folder (in a file manager) and if a customer looks like they'll need something more, I'll offer them to be under a certificate. That's a lot of money for one certificate, I believe, can a keep the cost down by safely sharing 1 certificate?

Bob
0
 
weikelbobAuthor Commented:
OK,

I talked to verisign and I looked at you guys' posts. I'm going to stick with the SSL folder from Yahoo for now, unless a customer requests more.

Thanks guys,

Bob
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 6
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now