I had a brilliant idea today! Instead of bothering with authentication, I would use unguessable URLs (and/or arguments) for my application - yes I know it is hardly unique, but it might solve a problem for me.
Anyway, after recovering form the shock of my idea, I suddenly realised it would be completely useless if the URL is transmitted in plain text. Does anyone know when the encryption in an SSL session actually kicks in? And is there anything I can set on WAKom to ensure that the URL is protected?
Cheers Andy
Anyway, after recovering form the shock of my idea, I suddenly realised it would be completely useless if the URL is transmitted in plain text. Does anyone know when the encryption in an SSL session actually kicks in? And is there anything I can set on WAKom to ensure that the URL is protected?
SSL kicks in before the URL in, see for example http://answers.google.com/answers/threadview/id/758002.html.
WAKom does not come with SSL support, but it can be easily done using Apache, Squid, ...
Cheers, Lukas
TLS is negotiated on the channel before any data is sent on the channel (RFC 2818). Other protocols, most notably ESMTP, use a STARTTLS mechanism to negotiate the initiation of the TLS encryption.
"Security through obscurity" isn't secure. If nothing else, remember that the client machine is outside of your domain, and you cannot be certain in any way that the VM your application is running in hasn't been compromised.
-Kyle H
On Sat, Mar 14, 2009 at 1:14 PM, Andy Burnett andy.burnett@knowinnovation.com wrote:
I had a brilliant idea today! Instead of bothering with authentication, I would use unguessable URLs (and/or arguments) for my application - yes I know it is hardly unique, but it might solve a problem for me.
Anyway, after recovering form the shock of my idea, I suddenly realised it would be completely useless if the URL is transmitted in plain text. Does anyone know when the encryption in an SSL session actually kicks in? And is there anything I can set on WAKom to ensure that the URL is protected?
Cheers Andy
Beginners mailing list Beginners@lists.squeakfoundation.org http://lists.squeakfoundation.org/mailman/listinfo/beginners
beginners@lists.squeakfoundation.org