[Newbies] Are the arguments of a URL encrypted when you make an HTTPS connection?

Kyle Hamilton aerowolf at gmail.com
Sat Mar 14 20:49:35 UTC 2009


TLS is negotiated on the channel before any data is sent on the
channel (RFC 2818).  Other protocols, most notably ESMTP, use a
STARTTLS mechanism to negotiate the initiation of the TLS encryption.

"Security through obscurity" isn't secure.  If nothing else, remember
that the client machine is outside of your domain, and you cannot be
certain in any way that the VM your application is running in hasn't
been compromised.

-Kyle H

On Sat, Mar 14, 2009 at 1:14 PM, Andy Burnett
<andy.burnett at knowinnovation.com> wrote:
> I had a brilliant idea today! Instead of bothering with authentication, I
> would use unguessable URLs (and/or arguments) for my application - yes I
> know it is hardly unique, but it might solve a problem for me.
>
> Anyway, after recovering from the shock of my idea, I suddenly realised it
> would be completely useless if the URL is transmitted in plain text.  Does
> anyone know when the encryption in an SSL session actually kicks in?  And is
> there anything I can set on WAKom to ensure that the URL is protected?
>
> Cheers
> Andy
>
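Added example, not part of the original thread: a Python sketch using the standard `ssl` module over in-memory buffers (no network) to show the ordering described in the reply. The client's first bytes on an HTTPS channel are the TLS handshake, and the request line carrying the URL arguments is held back until the handshake completes. The host name and URL are constructed values; the host name does appear in clear text in the handshake (SNI), while the path and query do not.

```python
import ssl

def observe_https_start(host, path_and_query):
    """Capture what a TLS client puts on the wire before the server has answered."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    from_server, to_server = ssl.MemoryBIO(), ssl.MemoryBIO()  # stand-in for the socket
    tls = ctx.wrap_bio(from_server, to_server, server_hostname=host)

    # Start the handshake. With no server reply available, OpenSSL emits the
    # ClientHello and then reports that it needs to read.
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass
    client_hello = to_server.read()

    # Try to send the HTTP request now. It cannot leave the client until the
    # handshake has finished, so nothing further is written to the wire.
    request = f"GET {path_and_query} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()
    held_back = False
    try:
        tls.write(request)
    except ssl.SSLWantReadError:
        held_back = True
    wire = client_hello + to_server.read()

    return {
        "first_record_type": wire[0],            # 22 (0x16) = TLS handshake record
        "request_held_back": held_back,
        "host_visible": host.encode() in wire,   # SNI is sent unencrypted
        "url_visible": path_and_query.encode() in wire,
    }

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(observe_https_start("app.example.test", "/report?key=constructed-secret-token"))
```

Encryption on the wire does not stop the full URL from ending up in browser history, server access logs, or Referer headers sent to other sites, so a URL used as a credential needs care beyond the transport.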

