ssl

avoid "This page contains both secure and non secure items" warning

We are thinking of SSL-enabling part of our website, but some pages contain ads from a third-party vendor (like Google AdSense). I'd think this will create an annoying problem for our users since they are going to see a warning message like "This page contains both secure and non secure items" when they view a page with ads. However, when I ...

SSL question: How does a ROOT CA verify a signature

Say when using https, browser makes a request to the server and server returns its certificate including public key and the CA signature. At this point, browser will ask its CA to verify if the given public key really belongs to the server or not? How is this verification done by the Root cert on the browser? To give an example: S...

What RSA key length should I use for my SSL certificates ?

I'm in the process of creating a CSR, and I wonder which is arguably the best length for my RSA key. Of course, 384 is probably too weak, and 16384 is probably too slow. Is there a consensus on the key length one should use, depending on the certificate lifetime? Edit : Like most people, I want my key to be reasonably strong. I'm not...

How to assign a SSL Certificate to IIS7 Site from Command Prompt

Can you advise me whether it is possible or not to assign a SSL Certificate to a website in IIS7 using the APPCMD application? I am familiar with the command to set the HTTPS Binding appcmd set site /site.name:"A Site" /+bindings.[protocol='https',bindingInformation='*:443:www.mysite.com'] and how to obtain current mappings %windir...

SSL session persistence and secure cookies

I currently have a roll-your-own application security service that runs in my enterprise and is - for the most part - meeting business needs. The issue that I currently face is that the service has traditionally (naively) relied on the user's source IP remaining constant as a hedge against session hijacking - the web applications in the...

What type of security has been used with WCF on Azure that would be compatible with Silverlight?

Has anybody gotten any type of security to work with WCF on Azure that would be compatible with Silverlight? I have already tried transport security on basic http binding, but it does not work. ...

HTTP Digest Authentication versus SSL

What is the difference between HTTP Digest Authentication and SSL from a performance, security and flexibility point of view? ...

How do I secure authentication but not the payload?

I'm looking for an existing HTTP protocol for securing authentication but not the payload that follows. I want the server to store the username, hashed password and different salt per user. HTTP Digest Authentication fails these requirements because all accounts use the same salt. SSL fails because it encrypts the entire connection. Ed...

Is SSL set on a per machine or per connection basis

Is it possible to have an FTP server using SSL on an application server that does not use SSL? How would you set up an ASP.NET 2.0 to consume an SSL certificate? This certainly sounds possible but is it advisable, is it good practice? ...

What are the steps to setup SSL to work with WCF on Azure?

Please post the steps you have taken to setup SSL to work with WCF on Azure. I have my valid certificate uploaded successfully (using cspack) and working with the rest of the site, but after adding it, my previously working WCF service stopped working. (All I get is a 404 error back to Silverlight, which is not very helpful. Up votes ...

Tips for using vim over a slow connection?

I'm using vim over a slow connection and it is a little painful. Is there anything I can do in vim to alleviate the pain? ...

how do I get rid of the secure nonsecure warning on page with iframe under SSL with phishing filter?

I have a page under SSL with an iframe that refreshes itself every 20 seconds through an HTTP refresh pragma. If I browse the site with IE7 and phishing filter enabled I receive secure-nonsecure content warnings in irregular intervals which cease if phishing filter is disabled. Does anybody have an idea what I can do in order to get rid ...

SSL communication, how hard can it be?

I have a Java main application running on my PC that can send XML data to a servlet and receive XML data back. http://iamt.wisconsin.gov/IAM-WiEntUser/WiEntUserService?xml= I can use https://iamt.wisconsin.gov/IAM-WiEntUser/WiEntUserService?xml= from IE and Firefox because they allowed me to load the private certificate. I want to u...

HTTPS Certificate for internal use

I'm setting up a webserver for a system that needs to be used only through HTTPS, on an internal network (no access from outside world). Right now I got it set up with a self-signed certificate, and it works fine, except for a nasty warning that all browsers fire up, as the CA authority used to sign it is naturally not trusted. Access is...

IHTTPModule to switch between HTTP and HTTPS in ASP.NET

I'm working on a web site which contains sections that need to be secured by SSL. I have the site configured so that it runs fine when it's always in SSL, I see the SSL padlock in IE7/IE8/FireFox/Safari/Chrome. To implement the SSL switching, I created a class that implemented IHTTPModule and wired up HTTPApplication.PreRequestHandlerE...

SslStream on TCP Server fails to validate client certificate with RemoteCertificateNotAvailable

This question is all about solving a SslPolicyError.RemoteCertificateNotAvailable error. I have developed a TCP Server with SSLStream and a TCP Client for the other end. I authenticate the server with: sslStream.BeginAuthenticateAsServer I authenticate the client with: sslStream.BeginAuthenticateAsClient I am loading my client c...

Why does MySQL replication use five certificates?

Hello everyone! I'm attempting to set up MySQL replication with SSL encryption, and while I'm beginning to close in on the solution, there's one aspect of the process that I can't wrap my brain around relating to the way MySQL uses SSL. According to the documentation on MySQL 5.0 (setting up SSL for client/server and setting up SSL fo...

Error connection to CVS

I try to connect to CVS through eclipse. After entering (host, repository path, user, password) and by clicking finish, it gives me the following error : Error validating location : "Could not connect to :pserver:username@host:/CVS/Myproject:I/O exception occured: ProxyHTTP: java.IOEXCEPTION: proxy error (the specified socket layer (...

Understanding the risk of non SSL login forms

As a user of web applications, I tend to only sign up for services that use SSL secured login forms. As a developer, I know the risk is that non SSL forms are transmitted in plain-text and an unscrupulous individual could "sniff" the HTTP traffic and ascertain my login and password. However, what is the true risk or possibility of th...

Is there any free ssl certificate that we can install for developing or SIT environments?

Anyone have any information on this? ...