WebApp Sec mailing list archives
Re: encryption over the web
From: Ivan Krstic <krstic () fas harvard edu>
Date: Mon, 14 Jun 2004 10:56:27 -0400
OPTUSBYS wrote:
If I were to enable encryption security for authorized people to access myweb page, how many implementation options there are available?Is SSL the only option to think of?
The question is whether you want people to be able to access your pages with standard browsers, or whether they'll need custom software. The latest crop of browsers (including MSIE) support SSLv2, SSLv3 and TLSv1, so those are your browser-independent options; anything else will probably require you to write a plugin or some type of tunneling encryption (such as stunnel). With the latter, how you do your encryption would be completely up to you. For what it's worth, I'd *strongly* advise against it, however.
Cheers, Ivan.
Current thread:
- RE: SQL Injection or XML, (continued)
- RE: SQL Injection or XML gcb33 (Jun 09)
- RE: SQL Injection Michael Howard (Jun 09)
- RE: SQL Injection Michael Silk (Jun 09)
- RE: SQL Injection WebAppSecurity [Technicalinfo.net] (Jun 10)
- RE: SQL Injection stevenr (Jun 09)
- RE: SQL Injection Michael Silk (Jun 09)
- RE: SQL Injection V. Poddubniy (Jun 10)
- encryption over the web OPTUSBYS (Jun 14)
- Re: encryption over the web Sam (Jun 14)
- Re: encryption over the web Keith W. McCammon (Jun 14)
- Re: encryption over the web Ivan Krstic (Jun 14)
- Re: encryption over the web Paul Johnston (Jun 14)
- Re: encryption over the web Pawel Jablonski (Jun 14)
- Re: encryption over the web Frank Knobbe (Jun 16)
- RE: encryption over the web Fan Zhang (Jun 16)
- Re: encryption over the web Lucas Holt (Jun 16)
- Re: encryption over the web Michael Ströder (Jun 17)
- Re: encryption over the web exon (Jun 17)
- encryption over the web OPTUSBYS (Jun 14)
- Re: SQL Injection Stephen de Vries (Jun 11)
- Re: SQL Injection Rogan Dawes (Jun 14)