WebApp Sec mailing list archives
forbid non-secure proxy access
From: trespiko <trespiko () gmail com>
Date: Wed, 13 Dec 2006 11:31:56 +0800
Hi! Can anyone give me pointers/how-to on how to block access to a web client using a non-secure proxy? For example, I use Paros on my notebook to intercept requests and responses to/from an online banking application. I see this feature in Blogger and Gmail, which have a warning like this:

"Retrieval of secure URLs through a non-secure proxy is forbidden. This proxy is running on a non-secure server, which means that retrieval of pages from secure servers is not permitted. The danger is that the user and the end server may believe they have a secure connection between them, while in fact the link between the user and this proxy is insecure and eavesdropping may occur. That's why we have secure servers, after all. This proxy must run on a secure server before being allowed to retrieve pages from other secure servers."

I want to implement this in one of my applications using Java. It might be related to the certificates, I guess.

Thanks,
trespiko