06-13-2005, 07:16 PM
Talking BlackBerry Encyclopedia
Join Date: Feb 2005
Carrier: cingular, no wait, AT&T
Post Thanks: 0
Thanked 0 Times in 0 Posts
Allowing all untrusted HTTPS isn't too big of a problem, but it allows your user to connect to sites with bad/nonexistant SSL certs. It could prevent MITM attacks, or prevent your users from being duped into a bad HTTPS site. I say you should disallow access to untrusted SSL sites, and add sites' SSL certs as needed.