Might be the same issue as this previuos question: WCF Proxy but not sure... I have an HTTPS service connfigured to use transport security and, I hope, Windows credentials. The service is only accessed internally (i.e. within the intranet). The configuration is as follows: <configuration> <system.serviceModel> <services> ...
A company I know is in discussions to firm up its password security policy across all its web application products. Right now they are sending username / password authentication in POST forms over HTTP, and thus, they are being sent plaintext. The simplest solution to the problem is simply to require HTTPS for logon across all our appl...
I have developed a new web service. Now, I need to deal with security issue as we are intending to make it a secure service. In order to set up SSL and https, I need to obtain and install an SSL certificate. Who is the certificate authority? Do you know how to go about with this? Are there concise articles on this? Regards. D...
Hi, does anyone know of a Java library to fetch webpages through https? ...
In a web based .Net solution which uses compiled help documentation made with Sandcastle we get an error when accessing the help documentation. The web applikation is run on https wich creates a problem since the help documents link to a css file through ms-help:// and according to the webapplication this is not a secure location. In th...
I note that some sites (such as gmail) allow the user to authenticate over https and then switch to http with non-secure cookies for the main use of the site. How is it possible to have http access to a session but this still be secure? Or is it not secure and hence this is why gmail gives the option to have the entire session secured ...
Where I work we have an ecommerce system on an intranet set up to process customer's credit cards. Currently when we charge a customer's credit card using Authorize.net we are not sending the credit card info to Authorize.net over a secure connection. Instead it goes over regular http. I'd like to get other opinions of how serious/neglig...
My server is currently hosting a php site. This site uses ssl for certain pages already. Now I am transitioning over to rails, and all my new rails apps go into a subfolder. Passenger is setup and and my app works great. One problem, If i try to go to these pages using ssl, I get a 404 error. Apparently apache is looking for the literal ...
I have a website with only home page available through simple HTTP protocol. All other pages are accessible only through HTTP over SSL(https://). I'm using CDN for home page and very happy with it. But for me it looks like using CDN for https pages is impossible because of security warnings, especially in IE. My files hosted at CDN are...
I'm trying to enable SSL for only certain actions on my CakePHP based website. I'm doing this using requireSecure() and redirecting to https://url in the corresponding blackHoleCallback(). To keep the server load down, I'd like to redirect back to http://whatever_url once the user is done with the action that requires SSL. How do I do ...
I am adding code to use a proxy server to access the Internet. The code works fine when requesting a file from a normal (HTTP) location, but does not work when accessing a secure location (HTTPS). This is the code that works just fine: URL = "http://UnSecureSite.net/file.xml" Dim wr As HttpWebRequest = CType(WebRequest.Create(URL), Htt...
I know that using SSL is one way to do this. I go to websites like Facebook and LinkedIn and see that they only use https when they are dealing with sensitive data like passwords and personal settings. How is this done? How are they able to implement https on some websites while using http on others, while still remaining secure, or are ...
Hi guys, So far, my https deployments have commonly involved a naive lockdown of the entire site with https and provide an http-to-https redirect on the web server. I now plan to have a single ASP.NET MVC site (on the cloud) that will contain both http and https pages. So, the site will have 2 conceptual (not physical) zones providing ...
On my https web site, how can I display images from a web site without a certificate? I own the example domain of: - http://www.example.com - http://static.example.com (used for my CDN) I own a certificate for WWW.example.com but not STATIC.example.com. On my www.example.com domain, you can register for the service over SSL using htt...
We currently have a website that has user account functionality, but we are looking to provide an API to allow users to manage their accounts/perform actions via other devices/websites, by providing an API for common tasks. Currently the website login is done via HTTPS for security, and then managed using PHP sessions with suitable secu...
Here is my issue. I am trying to call a page: foo.php?docID=bar and return a PDF to the screen which is stored as a BLOB in the DB. Here is the portion of my code which actually returns the PDF: $docID = isset($_REQUEST['docID']) ? $_REQUEST['docID'] : null; if ($docID == null){ die("Document ID was not given."); } $results = ge...
I'm POSTing data to a HTTPS server using libcurl compiled with openssl using Visual Studio 2008 in windows and it all works fine with CURLOPT_SSL_VERIFYPEER set to 0. I've tried following http://curl.haxx.se/docs/sslcerts.html and just about every "SSL and SECURITY OPTIONS" option in the manual. I'm wondering what the right combination o...
Hi, Our customer has asked that our application be able to communicate through HTTPS. The application itself is a C#.NET application, a client/server/database sort of application. My understanding from my programmer is that this is an additional layer of unnecessary encryption, but because our customer has asked for it we're going to ...
Hi, I want to read a secure webpage data say https://www.paypal.com, i am behind proxy. I tried with System.setProperty("java.net.useSystemProxies","true"); System.setProperty("htttps.proxyHost","myproxyhost"); System.setProperty("https.proxyPort","443"); URL u = new URL("https://www.paypal.com"); URLConnection uc = u.openConnection(...
I've found a problem with Firefox where links from HTTP to HTTPS don't work in a specific case. It has to be your very first visit on a site, you can't have any visits to this site in your history. What happens is that links to HTTPS just don't work initially, you have to click the same link 3 or 4 times and it will work. To reproduce t...