@Geek_Tips_Hub said:
@Geek_Tips_Hub said:
@UnknownLolz said:
@SaadEddine said:
I have read the full thread and your replies make no sense
Hi,
What he means is that InfinityFree’s PHPmyAdmin doesn’t have a trusted SSL installed.
And the picture is what the browser show when accessing InfinityFree’s PHPMyAdmin with SSL request.
For example if you rewrite http
to https
when accessing PHPMyAdmin, then the “Not Trusted SSL” error will occur.
It’s don’t have SSL. Invalid SSL is more scary.
Little big question @Admin do you have access on our accounts? Like phpmyadmin?
This is not for everyone so keep distance. @Admin I you don’t have any knowledge about SSL. At list you should know. There is two key available on SSL public key and private key. Those keys are encrypted with main certificate key. When a main certificate’s key is stolen only then a SSL is invalid. That means when a hacker have that private key, they can easily open document and read. This is even dengar because only best one keep those keys.
I’m quite familiar with public/private key cryptography, thank you very much. I’m aware not everyone is (since it’s fairly complicated matter), so I try to make my explanations easy to understand for everyone.
I have to correct you here, because if the private key of a certificate authority is compromised, then a certificate signed with that private key will not become invalid. It just allows the hacker to generate SSL certificates for any domain they want (google.com, facebook.com, banking sites, government sites) which are accepted by clients as being signed by the compromised certificate authority. Only after browser and operating systems vendors catch on and revoke the certificate authority, then any certificate signed by that authority will be marked as invalid by (updated) browsers and operating systems.
This is what happened with DigiNotar. Google that if you want to know more.
An invalid SSL warning is bad news if the website should have a valid SSL certificate, as it means that either someone is trying to intercept your requests to the website (whether that’s caused by an attack on the client side or server side). But, believe it or not, but an invalid SSL certificate is more secure than not having any SSL certificate. At least with an invalid certificate, data is encrypted in transit, even if you cannot verify who you are talking to.
@Geek_Tips_Hub said:
We won’t access your account without a good reason to do so, but we cannot inform you about this every time. This might be a false statement.
Why is it a false statement? It’s combining practical and legal obligations (we have to check for abuse), alongside good ethics (we don’t access your data when we don’t need to, and we treat it with care and respect when we do).
I’d say abuse checks are a good reason, and we have a good reason not to give any details on when and how we do that.