https

Options for Google Maps over SSL

We recently discovered that the Google Maps API does not play nicely with SSL. Fair enough, but what are some options for overcoming this that others have used effectively? Will the Maps API work over SSL (HTTPS)? At this time, the Maps API is not available over a secure (SSL) connection. If you are running the Maps API o...

Using mod_rewrite to Mimic SSL Virtual Hosts?

What is the best way to transparently rewrite a URL over an SSL connection with Apache 2.2? Apache 2 does not natively support multiple name-based virtual hosts for an SSL connection and I have heard that mod_rewrite can help with this. I would like to do something like this: I have set up the server so that the sites can be accessed b...

How do you redirect HTTPS to HTTP?

How do you redirect HTTPS to HTTP?. That is, the opposite of what (seemingly) everyone teaches. I have a server on HTTPS for which I paid an SSL certification for and a mirror for which I haven't and keep around for just for emergencies so it doesn't merit getting a certification for. On my client's desktops I have SOME shortcuts which...

Convince Firefox to send an If-Modified-Since header over HTTPS

How can I convince Firefox (3.0.1, if it matters) to send an If-Modified-Since header in an HTTPS request? It sends the header if the request uses plain HTTP and my server dutifully honors it. But when I request the same resource from the same server using HTTPS instead (i.e., simply changing the http:// in the URL to https://) then Fi...

Avoid traffic shaping by using ssh on port 443

I heard that if you use port 443 (the port usually used for https) for ssh, the encrypted packets look the same to your isp. Could this be a way to avoid traffic shaping/throttling? ...

How do banks remember "your computer"?

As many of you probably know, online banks nowadays have a security system whereby you are asked some personal questions before you even enter your password. Once you have answered them, you can choose for the bank to "remember this computer" so that in the future you can login by only entering your password. How does the "remember thi...

Testing HTTPS files with MAMP

I am running MAMP locally on my laptop, and I like to test as much as I can locally. Unfortunately, since I work on e-commerce stuff (PHP), I normally force ssl in most of the checkout forms and it just fails on my laptop. Is there any easy configuration that I might be missing to allow "https" to run under MAMP? Please note, I know that...

[ASP.NET ERROR] The request was aborted: Could not create SSL/TLS secure channel.

I'm posting this on behalf of a co-worker. He gets a "The request was aborted: Could not create SSL/TLS secure channel" error while using a WebRequest object to make an HTTPS request. Th funny thing is that this only happens after a while, and is temporarily fixed when the application is restarted, which suggests that something is being...

IIS7: HTTP->HTTPS Cleanly

Is there a clean way to redirect all attempts to going to an HTTP:// version of a site to its HTTPS:// equivalent? ...

How to get the correct Content-Length for a POST request.

I am using a perl script to POST to Google Appengine application. I post a text file containing some XML using the -F option. http://www.cpan.org/authors/id/E/EL/ELIJAH/bget-1.1 There is a version 1.2, already tested and get the same issue. The post looks something like this. Host: foo.appspot.com User-Agent: lwp-request/1.38 Content-...

Response.Redirect with POST instead of Get?

We have the requirement to take a form submission and save some data, then redirect the user to a page offsite, but in redirecting, we need to "submit" a form with POST, not GET. I was hoping there was an easy way to accomplish this, but I'm starting to think there isn't. I think I must now create a simple other page, with just the for...

Any way to handle Put and Delete verbs in ASP.Net MVC?

just wondering if anyone knows of a truly restful Put/delete implementation asp.net mvc preview 5 preferably. ...

Best way in asp.net to force https for an entire site?

About 6 months ago I rolled out a site where every request needed to be over https. The only way at the time I could find to ensure that every request to a page was over https was to check it in the page load event. If the request was not over http I would response.redirect("https://mysite.com") Is there a better way -- ideally some s...

Making sure a web page is not cached, across all browsers.

Our investigations have shown us that not all browsers respect the http cache directives in a uniform manner. For security reasons we do not want certain pages in our application to cached, ever, by the web browser. This must work for at least the following browsers: Internet Explorer versions 6-8 FireFox versions 1.5 - 3.0 Safari ver...

What's a clean/simple way to ensure the security of a page?

Supposing you have a form that collects and submits sensitive information and you want to ensure it is never accessed via insecure (non-HTTPS) means, how might you best go about enforcing that policy? ...

What does a PHP developer need to know about https / secure socket layer connections?

I know next to nothing when it comes to the how and why of https connections. Obviously, when I'm transmitting secure data like passwords or especially credit card information, https is a critical tool. What do I need to know about it, though? What are the most common mistakes you see developers making when they implement it in their ...

What must I do to make content such as images served over HTTPS be cached client-side?

I am using Tomcat as a server and Internet Explorer 6 as a browser. A web page in our app has about 75 images. We are using SSL. It seems to be very slow at loading all the content. How can I configure Tomcat so that IE caches the images? ...

How can I get LWP to validate SSL server certificates?

How can I get LWP to verify that the certificate of the server I'm connecting to is signed by a trusted authority and issued to the correct host? As far as I can tell, it doesn't even check that the certificate claims to be for the hostname I'm connecting to. That seems like a major security hole (especially with the recent DNS vulnera...

Force HTTPS. How is it possible?

I've got just one page that I want to force as an HTTPS page (PHP on Apache). How do I do this without making the whole directory require HTTPS? Or, if you submit a form to an HTTPS page from an HTTP page, does it send it by HTTPS instead of HTTP? Here is my example: http://www.mysite.com/buyCrap.php needs to only be accessed through:...

What's the best way to learn server RESTful code?

I'm an experienced client application developer (C++/C#), but need to come up to speed quickly on writing server side code to perform RESTful interactions. Specifically, I need to learn how to exchange data with OpenSocial containers via the RESTful API. ...