https

Rails SSL Requirement plugin -- shouldn't it check to see if you're in production mode before redirecting to https?

Take a look at the ssl_requirement plugin. Shouldn't it check to see if you're in production mode? We're seeing a redirect to https in development mode, which seems odd. Or is that the normal behavior for the plugin? I thought it behaved differently in the past. ...

How to put up an off-the-shelf https to http gateway?

I have an HTTP server which is in our internal network and accessible only from inside it. I would like to put another server that would listen to an HTTPS port accessible from outside, and forward the requests to that HTTP server (and send back the responses via HTTPS). I know that there are several ways to do this with some programming...

Restrict Apache to only allow access using SSL for some directories

I have an Apache 2.2 server with an SSL certificate hosting several services that should only be accessed using SSL, i.e.: https://myserver.com/topsecret/ should be allowed while http://myserver.com/topsecret/ should be either denied or, ideally, redirected to https. http://myserver.com/public should not have this restriction, and should...

Blocking https URLs in an embedded gecko browser

Hi, I have an application in which a gecko browser is embedded. The application is crashing when I try to access any https URLs because nss is not properly initialised at this point. The crash is in PK11_TokenExists(). I want to block my browser from rendering https sites. If a user clicks on a https link I can block that load in OnSta...

How would you implement a secure static login credentials system in Java?

We recently had a security audit and it exposed several weaknesses in the systems that are in place here. One of the tasks that resulted from it is that we need to update our partner credentials system to make it more secure. The "old" way of doing things was to generate a (bad) password, give it to the partner with an ID and then they ...

Where should you enable SSL?

My last couple of projects have involved websites that sell a product/service and require a 'checkout' process in which users put in their credit card information and such. Obviously we got SSL certificates for the security of it plus giving peace of mind to the customers. I am, however, a little clueless as to the subtleties of it, and ...

Force Https in Websphere 6.1

Hi, I was wondering how I can force a user who has requested a page using Http to use the secure https version? I am using Websphere 6.1 as my application server and Rad 7 as my development environment. Thanks, Damien ...

Security implications of disabling the Common Name check for HTTPS

I'm going over some client code I've inherited for doing secure communication over HTTPS, and it seems that it's not checking the common name in the server certificate (e.g. 'CN = "example.com"') against the actual URL that's being requested. This is probably deliberate, since our client app is required to talk to various environments, so ...

Consume Webservice using https protocol

Hi, I want to consume a web service over https from a Java client. What steps will I need to take in order to do this? ...

Is encrypting AJAX calls for authentication possible with jQuery?

I'm fairly new to the AJAX methodologies (I only recently discovered jQuery a short time ago). I am interested to know if there is any way to authenticate a user on a PHP setup; securely. Does jQuery have any special options to allow use of HTTPS (or any other way to encrypt my ajax call)? Yes, I could very well just post data back to t...

HTTP vs HTTPS performance

Are there any major differences in performance between http and https? I seem to recall reading that https can be up to 1/5 times slower than http. Is this valid with the current generation webservers/browsers? If so, are there any whitepapers to support it? ...

SSL pages under ASP.NET MVC

How do I go about using HTTPS for some of the pages in my ASP.NET MVC based site? Steve Sanderson has a pretty good tutorial on how to do this in a DRY way on Preview 4 at: http://blog.codeville.net/2008/08/05/adding-httpsssl-support-to-aspnet-mvc-routing/ Is there a better / updated way with Preview 5? ...

Is there a way to establish a HTTPS Connection with Java 1.3?

I have to work on an old 1.3 JVM and I'm asked to create a secure connection to another server. Unfortunately the HttpsURLConnection only appears since JVM 1.4. Is there another way to create a secure connection? Is there a library that I could use to add this functionality? ...

"CURLE_OUT_OF_MEMORY" error when posting via https

I am attempting to write an application that uses libCurl to post soap requests to a secure web service. This Windows application is built against libCurl version 7.19.0 which, in turn, is built against openssl-0.9.8i. The pertinent curl related code follows: FILE *input_file = fopen(current->post_file_name.c_str(), "rb"); FILE *out...

How to get Https URL content

Hi all, I have a https link that requires user login & password. If I run it in FX like this: https://[email protected]/link/sublink it will return the xml data as expected. However, what I'm trying to do is to automate this process. I try to use file_get_contents in PHP, fSocket in PHP, I even try Ajax, but still.. doesn...

Will web browsers cache content over https

Will content requested over https still be cached by web browsers or do they consider this insecure behaviour? If this is the case, is there any way to tell them it's ok to cache? ...

Are there any tools or techniques to help determine the exact cause of a nonsecure page element error?

I run into this quite often where a new page is supposedly "tested" and ready to go. But as soon as I change the page from http to https (secure) mode I get the "This page contains both secure and nonsecure items." error. Usually I can find the problem and fix it pretty quick. Today is different. I've checked every image reference and e...

How to disable "Security Alert" window in Webbrowser control

I'm using the Webbrowser control to log in to an HTTPS site with an "untrusted certificate", but I get the standard "Security Alert" popup window about the untrusted certificate: http://s39.radikal.ru/i085/0810/ff/7fdbb47008c9.jpg I have to find this window by title and send it "ALT + Y" to press 'YES': int iHandle = NativeWin32.FindWindow(null, ...

Tunnel over HTTPS

At my workplace, the traffic blocker/firewall has been getting progressively worse. I can't connect to my home machine on port 22, and lack of ssh access makes me sad. I was previously able to use SSH by moving it to port 5050, but I think some recent filters now treat this traffic as IM and redirect it through another proxy, maybe. T...

Connect to self-signed HTTPS web services from Flex

In my project I need to connect to an intra-net web service but we need SSL connection between the two machines. Because this is an intra-net site the certificate of the web service might be a self-signed certificate. The web service and the web page that loads my Flex application reside on the same web server (tomcat) so when I load th...