|
-
Aug 14th, 2002, 04:55 PM
#1
Thread Starter
Fanatic Member
Hiding from packet sniffers.
Presumably if I use a webbrowser control to get data to my application I can stop anyone using a packet sniffer to look at the data by using SSL.
BUT - how do I stop people snooping the URL that the webbrowser connection is pointing at?
-
Aug 15th, 2002, 11:28 AM
#2
Thread Starter
Fanatic Member
-
Aug 19th, 2002, 03:21 AM
#3
Thread Starter
Fanatic Member
 Looking for a friendly intelligent chat forum? Visit the white-hart.net 
-
Aug 19th, 2002, 03:26 AM
#4
Retired VBF Adm1nistrator
If you want to protect the URL then you'd have to use a proxy server.
Connect to the proxy via SSL, and then send the hostname required encrypted.
Another way though would be if you had a proprietary formula in your application that generated a string of text dependant on the time of day, name of the computer, and all that.
So you'd goto :
http://host/dir/login.cgi?time=12:45...godfgjasdfijds
So your cgi file would then compare those first three items, generate their own encodestring, and check if it matches the encode string passed.
If it does, then it was probably your app that is visiting the URL.
If it does not, then that's someone just trying.
Microsoft MVP : Visual Developer - Visual Basic [2004-2005]
-
Aug 19th, 2002, 04:06 AM
#5
Thread Starter
Fanatic Member
Hi Jamie
Can you tell me more about proxy servers and how they are accessed etc? Have you a good URL?
Originally posted by plenderj
If you want to protect the URL then you'd have to use a proxy server.
Connect to the proxy via SSL, and then send the hostname required encrypted.
Originally posted by plenderj
Another way though would be if you had a proprietary formula in your application that generated a string of text dependant on the time of day, name of the computer, and all that.
So you'd goto :
http://host/dir/login.cgi?time=12:45...godfgjasdfijds
So your cgi file would then compare those first three items, generate their own encodestring, and check if it matches the encode string passed.
If it does, then it was probably your app that is visiting the URL.
If it does not, then that's someone just trying.
Is this a little like Kerebos??
 Looking for a friendly intelligent chat forum? Visit the white-hart.net 
-
Aug 19th, 2002, 04:12 AM
#6
Retired VBF Adm1nistrator
I've no URLs to hand about proxies, but generally speaking you connect to the proxy on the http port, then send the hostname to which you want to connect, and the proxy connects for you.
But if you're using the webbrowser control, you should just be able to tell it to use a proxy and that's that.
Regarding kerberos.
As far as I know, kerberos is just an authentication protocol for networks etc.
So this would be authentication too I suppose, but its no more like kerberos, than it is like normal Windows of Netware authentication.
Microsoft MVP : Visual Developer - Visual Basic [2004-2005]
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|