https

Best way of passing session between 2 sub-domains with MVC

During the buy process of my ecommerce site that I'm developing in MVC I need to pass the "cart" session to a different subdomain (e.g. http://www.abc.com to https://secure.abc.com). I guess I have to perform the same trick as with webforms where I save all the variables associated with the session to a database, then pass the ID of...

Email Security: TLS and S/MIME

My understanding is that TLS is an encryption technique that allows two SMTP servers to communicate with each other securely. If HTTPS is used to connect to an SMTP server, is that the same as using S/MIME? ...

Encrypting HTTP POST data

Hi, I have a HTTP POST string that I am running from a client cpp program against a server running Apache. Following is the POST string that would get fired from the clients: "POST %s HTTP/1.0\r\n" "Host: %s\r\n" "Content-type: multipart/form-data\r\n" "Content-length: %d\r\n\r\n" "Content-Disposition: %s; filename: %s\n" It would b...

Http CONNECT Command

Hi all, is there a way from the Firefox extension API to get notified when the browser fires CONNECT to the proxy (for tunneling HTTPS)? With on-request-... you can only get standard HTTP methods like GET, POST, PUT. Thanks ...

How can you tell exactly what insecure items are causing a browser to warn about mixed secure and insecure items?

In Firefox, I view my site and get no warnings about insecure mixed content. Using FireBug, I can see that every request is https. In Chrome, I get the https crossed out in the address bar. I viewed source in Chrome and then ran this regex /http(?!s)/ but the only things it found were the href attributes for some external links an...

How to HTTP GET while sending vars and retrieve XML output using PHP

I'm trying to use this API: www.cpsc.gov/cpscpub/prerel/api.html Documentation: www.cpsc.gov/cpscpub/prerel/requirements.pdf Here is the location calls are to be sent, which also includes sample code snippets: http://www.cpsc.gov/cgibin/CPSCUpcWS/CPSCUpcSvc.asmx The getRecallByWord function should return XML data. Here's a preformed ...

How to connect to a third party website in classic asp using javascript for password encryption and yet not giving in the password.

Hi, I have to make changes to a classic ASP website where once a button is clicked it auto-logins to a third party website with an intermediate page that warns that you are logging in to a third party website. The third party is providing us with a username and password and gave us an example JavaScript to encode the password to send to them...

stripes RedirectResolution redirecting to https url

Let's say the user accesses a Stripes action1 using https. Once action1 processing is complete, it uses RedirectResolution to redirect to action2. At this point, the browser receives a 302 to action2 with http and not https. How will I make RedirectResolution use https while redirecting to action2? ...

Certificates - how do they get dealt out?

Hello, I am interested in web security right now. So I read about PKI and Diffie-Hellman authentication forms. Now I am reading about certificates and I ask myself how that works. So I know browsers have some trusted certificates in them, so you trust the pages that the company which the browser is from already trusts. So when A trusts B and B ...

Spring security- switching between HTTPS and HTTP

Hello, I am working on a Spring based application which will be delivered to several clients. I would like to find a way to override the security settings defined in web.xml either at runtime (to switch between HTTP and HTTPS), or to load another web.xml without unpacking and editing the web.xml from the application jar. Thanks fo...

Running the django admin over https using apache2

I have a django web application that's running on apache 2.2.14 and I want to run the admin application over https. Having read considerable discussions on using a proxy, writing middleware, running alternative wsgi scripts, the chaps in #httpd came to my rescue. The solution is so simple, I was surprised I didn't find it online, so ...

Session variables & cookies disappearing in IE when going from https to http page

On an Apache server, I have a set of Profile pages within a folder protected by htaccess (/main/profile). After a user updates their profile, I want to set a $_SESSION['timelineuser']= or a session cookie for use back in the main folder of the site (/main/) which is unsecure. On the unsecure page I want to check to see if $_SESSION['timel...

How do certificates avoid the man in the middle attack?

Hello, I have another question about security on the web. If I understand it correctly, certificates are for identifying who you really are. So the man in the middle attack isn't possible. But when I see this image: http://upload.wikimedia.org/wikipedia/commons/thumb/2/2b/Digital_Signature_diagram.svg/800px-Digital_Signature_diagram.svg.png ...

hosting web service on https

Hi we have a web service hosted in our servers but we would like to host it over a secure https server for demo purposes to be used by our clients. Security is crucial as our clients will need to upload their sensitive data there. Does anyone know if we can purchase for a month or so a secure https domain in amazon web services, or micr...

Potential issue with ssl in php script

I've created a script in php that is used to capture the properties for users. In order to do so, it requires calling the api to obtain those properties. The url I set is: $url=("http://user:[email protected]/@api/users/=$user_id/properties"); Then use file_get_contents for the xml. When I simply type this url into the browser it ...

PuTTY Security Alert - What does key fingerprint mean?

Hello, I have another question about security in the web world. So I read (and asked :P) about certificates and think I got what it is and how it works. My next question is PuTTY specific. When I open a connection with PuTTY to a new server with ssh (port: 22) I get a PuTTY Security Alert: The server's host key is not cached in the regi...

IIS7, deployment and HTTPS connections

I realized that when I deploy a new version of my app to my web server (IIS 7.5), it takes about 10 seconds until a client is able to establish an HTTPS connection (HTTP is fine)... The problem is gone after 2 or 3 minutes... I wonder why this is? Any ideas? ...

Rackup with HTTPS support

I've found this question, which doesn't really solve my problem but at least maybe lets me phrase my question the right way. I have a simple Camping app that I launch via rackup. I'd like to be able to test the app over a secure connection (self-signed server cert would be fine) but since I don't have root on my development box it'd be...

posting a form from one HTTPS to another HTTPS site causing security alert

I need to post a string from a .NET site to a Classic ASP site which are hosted on the same server (different virtual directories): https://example.com/DOTNETSite/Sender.aspx to https://example.com/ClassicASP/SomeFolder/Target.asp. The Target.asp page has 3 ways to handle incoming data: Form Post, Query String, Headers. I can't pass my...

scriptresource.axd throws 500 error over https

Hi, I'm trying to make use of ajax control toolkit in a wss 3.0 application. It works well over http requests but over https it throws error code 500. In a https request it manages to load everything, including the scriptresources related to the ajax functionality, but not the scriptresources which is specific to the ajax control tool...