I'm in the process of testing my application with respect to security. Aside from fiddler,charles and poster (firefox plug in). Are there any other free to use https interception (and editing) applications out there? Especially ones which can be installed w/o admin privileges. Achilles comes to mind, but I don't think it can han...
Hello, I have my J2EE application deployed into a JBossAS. My Application has to respond to two different hostnames (https://foo.com/myApp and https://bar.com/myApp). It is the same instance of the app serving those two hostnames. But I don't know how to configure the keystores. I need different keystores for each hostname. Is there a ...
Is HTTPS Multipart file upload request a batch process? That is, if I have 99 files, and if the upload fails after file 95 has been uploaded, will that rollback the entire set? ...
Our company is looking into allowing third party sites to use our online checkout system. A client has stated that they would like to be able to use a lightbox style popup to display the checkout. And they would like this to be available on every page of the site, therefore mostly unsecure pages. Our checkout system and the client site ...
I wrote a class/function to send xml over https via PHP4/cURL, just wondering if this is the correct approach, or if there's a better one. Note that PHP5 is not an option at present. /** * Send XML via http(s) post * * curl --header "Content-Type: text/xml" --data "<?xml version="1.0"?>...." http://www.foo.com/ * */ function sendX...
Hello. I am trying to download an xml.gz file from a remote server with HttpsURLConnection in java, but I am getting an empty response. Here is a sample of my code: URL server = new URL("https://www.myurl.com/path/sample_file.xml.gz"); HttpsURLConnection connection = (HttpsURLConnection)server.openConnection(); connection.connect(); ...
I am experiencing some strange behavior of embedded audio (wav file) on HTML page. I've got a page https://server.com/listen-to-sound, and a Wav file embedded in it via <EMBED/> tag, like this: <embed src='https://server.com/path-to-sound' hidden="true" autostart="true" /> The page https://server.com/listen-to-sound is opened in IE 6 ...
I want a SSL certificate for my web site that will not only be accepted without warning by all popular browsers (at least accepted by Firefox and Internet Explorer), but also give my visitors the green address bar. Which certificate authority is selling the least expensive extended validation SSL certificates? ...
hi, I have a swing application deployed in HTTP Server. Users use the browser to point an URL and install the client using java webstart. Now I need to enable https access to my application deployed on HTTP server. I am using JDK 1.5 as default jdk supported in the jnlp file. For time being I use a self signed certificate to the sign ...
I have a unique situation where I need to implement client certificate authentication over HTTPS between IE browser and IIS 6. The browser and IIS are separated by a firewall that only allows the browser to connect to IIS on the SSL port. We have an internal certificate server on the same network as IIS. I've generated an SSL server c...
I am using axis 2 webservice client. The first https call to the webservice throws a exception with the message: "Message did not contain a valid Security Element". I think that the problem could be the security mode: maybe it has to be message level security. In this case, how can I configure it in axis?. The code: System.setPropert...
Is it acceptable to submit from an http form through https? It seems like it should be secure, but it allows for a man in the middle attack (here is a good discussion). There are sites like mint.com that allow you to sign-in from an http page but does an https post. In my site, the request is to have an http landing page but be able t...
We are using IIS 6 and ASP.Net, When users make secure page requests using https://somesite.com/securePage.aspx the user gets an error: Error code: ssl error bad cert domain The certificate was issued to www.somesite.com and indicates that somesite.com uses an invalid security certificate. I was hoping to be able to catc...
I've created a .NET WCF service that is intended to always be over HTTPS. When I first created the service skeleton and ran it over HTTP, it worked fine. I used PHP5 to test the interoperability with the built in SOAP functions. However, once I switched to HTTPS, when I try to call the function from PHP, I get a fault back with the messa...
Is it possible to detect, on the client side, whether the user is using an encrypted page or not? Put another way -- I want to know if the URL of the current page starts with http or https. ...
I know there is no such thing as a dumb question but this is: Can you serve contextual based ads via adsense or others on a site that is entirely behind https? ...
Greetings, I'm utilizing Jmeter 2.3, which now supports "attempt HTTPS spoofing" under the Proxy Server element. I've tried on several different servers, and have had no success. Has anyone been able to successfully record from an HTTPS source with this setting? Or barring successfully recording, can anyone share a work-around? When...
I originally used WebRequest and WebResponse to sent Http Post Messages. Always I got a response of "OK". The message I post is an XML signed with a certificate in the xml. The composition is this: CSharp service that is sending to a https website. HTTPS Website on another place that I cant say. HTTPS Local Website locally that is just...
For example, one instance of apache is managing www.site.com/folder1/a.html www.site.com/folder2/b.html www.site.com/folder3/c.html I need to make sure that access to www.site.com/folder3/c.html is https only. All these folders are in the same document root. Is this possible? If not, what you recommend as the minimum changes necessa...
What is SSL and how does it relate to HTTPS? ...