Presumably if I use a webbrowser control to get data to my application I can stop anyone using a packet sniffer to look at the data by using SSL.
BUT - how do I stop people snooping the URL that the webbrowser connection is pointing at?
Printable View
Presumably if I use a webbrowser control to get data to my application I can stop anyone using a packet sniffer to look at the data by using SSL.
BUT - how do I stop people snooping the URL that the webbrowser connection is pointing at?
?
bump
If you want to protect the URL then you'd have to use a proxy server.
Connect to the proxy via SSL, and then send the hostname required encrypted.
Another way though would be if you had a proprietary formula in your application that generated a string of text dependant on the time of day, name of the computer, and all that.
So you'd goto :
http://host/dir/login.cgi?time=12:45...godfgjasdfijds
So your cgi file would then compare those first three items, generate their own encodestring, and check if it matches the encode string passed.
If it does, then it was probably your app that is visiting the URL.
If it does not, then that's someone just trying.
Hi Jamie
Can you tell me more about proxy servers and how they are accessed etc? Have you a good URL?
Quote:
Originally posted by plenderj
If you want to protect the URL then you'd have to use a proxy server.
Connect to the proxy via SSL, and then send the hostname required encrypted.
Is this a little like Kerebos??Quote:
Originally posted by plenderj
Another way though would be if you had a proprietary formula in your application that generated a string of text dependant on the time of day, name of the computer, and all that.
So you'd goto :
http://host/dir/login.cgi?time=12:45...godfgjasdfijds
So your cgi file would then compare those first three items, generate their own encodestring, and check if it matches the encode string passed.
If it does, then it was probably your app that is visiting the URL.
If it does not, then that's someone just trying.
I've no URLs to hand about proxies, but generally speaking you connect to the proxy on the http port, then send the hostname to which you want to connect, and the proxy connects for you.
But if you're using the webbrowser control, you should just be able to tell it to use a proxy and that's that.
Regarding kerberos.
As far as I know, kerberos is just an authentication protocol for networks etc.
So this would be authentication too I suppose, but its no more like kerberos, than it is like normal Windows of Netware authentication.