Full Disclosure mailing list archives
Re: Secure HTTP
From: Valdis.Kletnieks () vt edu
Date: Fri, 24 Mar 2006 05:32:35 -0500
On Fri, 24 Mar 2006 11:58:35 +0200, Q Beukes said:
i just dont want our clear text http traffic to be sniffed which has been a know problem on our network a few times.
If the text is something that you give a flying fsck in a rolling donut about the sniffability, it shouldn't be clear text http. Do the frikking SSL correctly on port 443 like the RFCs intend rather than cooking up some half-assed proxy scheme to work around it. <insert standard "if I had a nickle for every time somebody proposed a partial solution for the wrong part of the problem instead of doing it in the well-understood correct way in the first place, I'd be long since retired" speech here....>
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Secure HTTP Q Beukes (Mar 23)
- Re: Secure HTTP Cedric Blancher (Mar 23)
- Re: Secure HTTP Brian Eaton (Mar 23)
- Re: Secure HTTP Julien GROSJEAN - Proxiad (Mar 23)
- Re: Secure HTTP Brian Eaton (Mar 23)
- Re: Secure HTTP Clark Mills (Mar 23)
- Re: Secure HTTP Julien GROSJEAN - Proxiad (Mar 23)
- Message not available
- Re: Secure HTTP Q Beukes (Mar 24)
- Re: Secure HTTP Valdis . Kletnieks (Mar 24)
- Re: Secure HTTP Kenneth Ng (Mar 24)
- RE: Secure HTTP TJ (Mar 24)
- Re: Secure HTTP Julien GROSJEAN - Proxiad (Mar 27)
- Re: Secure HTTP Q Beukes (Mar 24)
- Re: Secure HTTP M Bealby (Mar 24)
- <Possible follow-ups>
- FW: Secure HTTP Edward Pearson (Mar 23)
- Re: FW: Secure HTTP n3td3v (Mar 23)