WebApp Sec mailing list archives
Re: encryption over the web
From: "Pawel Jablonski" <gorion () hacking pl>
Date: Mon, 14 Jun 2004 19:39:55 +0200
Hi there, Secure Sockets Layer (SSL) is a protocol is designed to support a range of choices for specific algorithms used for cryptography, digests, and signatures. This feature allows a server to pass a server certificate along with issuer certificates to the browser. Chain loading also permits the browser to validate the server certificate, even if Certificate Authority certificates are not installed for the intermediate issuers, since they are included in the certificate chain. SSL 3.0 is the basis for the Transport Layer Security TLS protocol standard, currently in development by the Internet Engineering Task Force (IETF). There's also Securing HTTP Connection, the secure version in mainly plain HTTP over SSL (named HTTPS using port 443), this mainly is what mod_ssl provides. It's highly recommended to use these, but as big as I know them, I doubt there's a big need of additional options to think of. Greets, Pawel "gorion" Jablonski ----- Original Message ----- From: "OPTUSBYS" <bysoo1 () optusnet com au> To: <webappsec () securityfocus com> Sent: Monday, June 14, 2004 9:48 AM Subject: encryption over the web
Hi there, If I were to enable encryption security for authorized people to access my web page, how many implementation options there are available? Is SSL the only option to think of? Thank you. Regards, Seeker
Current thread:
- RE: SQL Injection, (continued)
- RE: SQL Injection Michael Silk (Jun 09)
- RE: SQL Injection WebAppSecurity [Technicalinfo.net] (Jun 10)
- RE: SQL Injection stevenr (Jun 09)
- RE: SQL Injection Michael Silk (Jun 09)
- RE: SQL Injection V. Poddubniy (Jun 10)
- encryption over the web OPTUSBYS (Jun 14)
- Re: encryption over the web Sam (Jun 14)
- Re: encryption over the web Keith W. McCammon (Jun 14)
- Re: encryption over the web Ivan Krstic (Jun 14)
- Re: encryption over the web Paul Johnston (Jun 14)
- Re: encryption over the web Pawel Jablonski (Jun 14)
- Re: encryption over the web Frank Knobbe (Jun 16)
- RE: encryption over the web Fan Zhang (Jun 16)
- Re: encryption over the web Lucas Holt (Jun 16)
- Re: encryption over the web Michael Ströder (Jun 17)
- Re: encryption over the web exon (Jun 17)
- encryption over the web OPTUSBYS (Jun 14)
- RE: SQL Injection Michael Silk (Jun 09)
- Re: SQL Injection Stephen de Vries (Jun 11)
- Re: SQL Injection Rogan Dawes (Jun 14)
- Re: SQL Injection David Cameron (Jun 16)
- Re: SQL Injection Sverre H. Huseby (Jun 16)