Results 1 to 6 of 6

Thread: Hiding from packet sniffers.

  1. #1

    Thread Starter
    Fanatic Member Kzin's Avatar
    Join Date
    Dec 2000
    Posts
    611

    Question Hiding from packet sniffers.

    Presumably if I use a webbrowser control to get data to my application I can stop anyone using a packet sniffer to look at the data by using SSL.

    BUT - how do I stop people snooping the URL that the webbrowser connection is pointing at?

  2. #2

    Thread Starter
    Fanatic Member Kzin's Avatar
    Join Date
    Dec 2000
    Posts
    611
    ?

  3. #3

    Thread Starter
    Fanatic Member Kzin's Avatar
    Join Date
    Dec 2000
    Posts
    611
    bump
    Looking for a friendly intelligent chat forum? Visit the white-hart.net

  4. #4
    Retired VBF Adm1nistrator plenderj's Avatar
    Join Date
    Jan 2001
    Location
    Dublin, Ireland
    Posts
    10,359
    If you want to protect the URL then you'd have to use a proxy server.
    Connect to the proxy via SSL, and then send the hostname required encrypted.

    Another way though would be if you had a proprietary formula in your application that generated a string of text dependant on the time of day, name of the computer, and all that.

    So you'd goto :

    http://host/dir/login.cgi?time=12:45...godfgjasdfijds

    So your cgi file would then compare those first three items, generate their own encodestring, and check if it matches the encode string passed.
    If it does, then it was probably your app that is visiting the URL.
    If it does not, then that's someone just trying.
    Microsoft MVP : Visual Developer - Visual Basic [2004-2005]

  5. #5

    Thread Starter
    Fanatic Member Kzin's Avatar
    Join Date
    Dec 2000
    Posts
    611
    Hi Jamie

    Can you tell me more about proxy servers and how they are accessed etc? Have you a good URL?

    Originally posted by plenderj
    If you want to protect the URL then you'd have to use a proxy server.
    Connect to the proxy via SSL, and then send the hostname required encrypted.



    Originally posted by plenderj


    Another way though would be if you had a proprietary formula in your application that generated a string of text dependant on the time of day, name of the computer, and all that.

    So you'd goto :

    http://host/dir/login.cgi?time=12:45...godfgjasdfijds

    So your cgi file would then compare those first three items, generate their own encodestring, and check if it matches the encode string passed.
    If it does, then it was probably your app that is visiting the URL.
    If it does not, then that's someone just trying.
    Is this a little like Kerebos??
    Looking for a friendly intelligent chat forum? Visit the white-hart.net

  6. #6
    Retired VBF Adm1nistrator plenderj's Avatar
    Join Date
    Jan 2001
    Location
    Dublin, Ireland
    Posts
    10,359
    I've no URLs to hand about proxies, but generally speaking you connect to the proxy on the http port, then send the hostname to which you want to connect, and the proxy connects for you.

    But if you're using the webbrowser control, you should just be able to tell it to use a proxy and that's that.


    Regarding kerberos.
    As far as I know, kerberos is just an authentication protocol for networks etc.
    So this would be authentication too I suppose, but its no more like kerberos, than it is like normal Windows of Netware authentication.
    Microsoft MVP : Visual Developer - Visual Basic [2004-2005]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width