https

Javascript "Permission Denied" Error in IE.x

I made the mistake of creating my entire web application and not testing it on IE along the way. I only tested it on Firefox and Safari. The web app runs fine on both Safari and Firefox but it gives a Permission Denied error on IE. I am using Google AuthSub authentication and so for authenticating using Google Account, it first redirects...

File Upload over HTTPS - Desktop to WebServer

I have a desktop application that needs to upload files to a webserver. The protocol is HTTPS. I'm thinking I should write an ashx that will handle the uploads; sending 4k chunks at a time. With a response of ok each time. Is this a good algorithm? What is the best algorithm for uploading from a desktop application to a webserver ove...

Sending a POST request: System.Net.WebException

This is not the first time I'm using this method to send a POST request, and I never had any problems: public static Stream SendPostRequest(Uri uri, byte[] postData) { var request = WebRequest.Create(uri); request.Method = "POST"; request.ContentType = "application/x-www-form-urlencoded"; request....

Never-ending https loop

I'm using NoScript and found out that it has a function to force sites to use a secure connection. I tried forcing a few sites, but when I try going to any of them I get a blank tab and my status bar acts like it's constantly reloading. I had a Greasemonkey script that forced secure connection before I found the NoScript option but the Gr...

https URL with token parameter : how secure is it?

On our site, we provide to users a simulation based on their private information (given through a form). We would like to allow them to get back on their simulation results later, but without forcing them to create a login/password account. We have thought of sending them an email with a link, from which they could get back their resul...

POSTing to https form not always working...

On my site I have a simple login form. The page is served via HTTP, but the form's POST URL is HTTPS. The normal method is that the user fills in their username/password, the form is submitted (to the fully qualified HTTPS URL, on the same site), and then the POST processing does a 303 redirect to the user's homepage. But sometimes this...

Axis SecureSocketFactory - Setting the constructor attributes

I have a customer SecureSocketFactory set to be used by Axis when making an https connection using the following property: AxisProperties.setProperty("axis.socketSecureFactory", "com.metavante.csp.model.manager.mobilepayments.MonitiseSSLSocketFactory"); When this class is instantiated by Axis the constructor with a Hashtable (attributes...

How to redirect from HTTPS to HTTP without annoying error messages

I want to redirect users, after HTTPS login, to the HTTP pages on the site. Using HTTPS for the whole site is not going to happen. What I have so far is the following: User posts the login form to the secure site. The secure server validates the credentials. The secure server sends a 302 redirect to the client. This works, except on ...

Is a SWF whose src uses HTTPS secure?

Here is a scenario: I am embedding form.swf in http://somesite.com/page.html. The SWF is loaded from https://mysite.com/form.swf and submits to https://mysite.com/secureform.php. So, is the transmission to the server secure? ...

Converting a Java Keystore into PEM Format.

I am trying to convert a Java keystore file into a PEM file using the keytool and openssl applications. But I could not find a good way to do the conversion. Any idea? Instead of converting the keystore into PEM I tried to create a PKCS12 file first and then convert into relevant PEM file and Keystore. But I could not establish connect...

How to use htaccess to flip from https to http

Well I have a site that uses relative paths for all the URLs. I just added a shopping cart so the two or three checkout pages are using HTTPS instead of HTTP. My problem is that a user is midway through checkout and clicks a link on the navigation or whatever it sends them to that page with HTTPS when it is a page that doesn't require...

http and restricted section

Hi, I would like to ask you guys because I am not sure about the answer. I have a website, ASP.NET 2.0, with a section to which only authenticated users have access. For sure the user is redirected to the restricted section only after successful authentication (login/pass). But my question is more concerned with whether I need to use https o...

How can I determine which SSL client certificate a connection is using in mod_perl?

I am writing a web service in Perl that will run under SSL (HTTPS) with client certificates. How can I determine which certificate is being used by the client in the current connection so I can filter out unwanted ones? Note: the web service is being run as a mod_perl script. ...

What root certificates does Adobe Flash trust?

I'm using URLLoader to do a web request via HTTPS, and I need to know what signing authorities Flash trusts. I've determined that I can't self sign the key, but can't find any documentation from Adobe on who is a trusted signing authority. Does Flash use the browser's trusted authorities? If you're using AIR, what list does it use? D...

IE8 security warning

On an https site that I am working on, I keep getting "Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage." I made sure the site has relative links. Form actions are ...

What would cause Flex/Flash preloader to hang over HTTPS in IE6?

I am deploying a Flash SWF which was built using Flex (3.2) / flexbuilder. It is a single SWF which doesn't do any further data requests of its own. It has some preloader code to display a progress bar when it is loading (it is approx. 650mb). It works fine in almost all environments, but when deployed over HTTPS it fails to load - on...

Gmail security architecture

Hello, I am trying to understand Gmail's authentication mechanism. I know it uses https for transporting the user credentials during login and then the rest of the communication happens over http. How is this achieved? Is some kind of key exchanged during the initial session over https and used in subsequent requests? If yes, isn't some...

Workaround for SSL bug

There seems to be a bug in the SSL implementation of an https server I'm connecting to; the problem initially arose in my application, but I've since been debugging / reproducing it with the openssl commandline utility, so I'm fairly certain it has nothing to do with my application at this point. If I connect to the remote server with n...

SSL and Non Secure items message.

I am seeing the "This Page contains both secure and nonsecure items." message when viewing a page on my site from within IE 6. This does not appear in either IE 7 or Firefox. I have done some research and it appears that the problem has to do with links to HTTP:// rather than HTTPS://. Would the fix just be to view the page source and find e...

Secure cookies and mixed https/http site usage.

Lots of sites appear to support https but don't use secure cookies. I want to make my site use secure cookies but to allow for some content to be accessed using http instead. A sensible way to do this appears to be to have a secure cookie for the real session, and a non-secure cookie which is just a flag to say if the user is logged in...