security - Server to Client SSL Encryption w/o SSL Authentication - Tomcat & Spring
Scenario: sensitive information is exchanged (1) client -> server and (2) server -> client.
Problem: the data exchanged is not encrypted, so sniffing is easy (it's theoretically possible, right?).
Solution: encrypt the data transmitted in either direction (server-to-client and client-to-server).
Implementation:
(1) client -> server: generate a certificate, install the private key on the server, and configure Tomcat to work over HTTPS (many tutorials online).
(2) server -> client: the private key goes to (or is generated by) the clients. The tutorials seem to emphasize that every client should have its own certificate, for the sake of authentication.
Question: if I'm authenticating users through a database username/password (hashed with salt) combo, and I still need to encrypt server-to-client data transmissions to reduce the chance of sniffing, can I generate one private key for all clients? Are there other ways of achieving what I need with Tomcat/Spring?
It seems you're mixing things up:
Regular HTTPS includes encryption in both directions, and needs a private key + certificate on the server side. Once the client requests resources through HTTPS, the answer is encrypted too. You'll need to enforce the HTTPS connection (e.g. by redirecting requests to HTTPS, with no delivery of data through HTTP).
If you want client certificates, these are purely used for client authentication, and sharing a common client key/certificate among all clients would defeat the purpose. Having client keys/certs does not add more encryption to the data transfer.
Answering the follow-up question in the comment:
For HTTPS, the server keeps the private key, and the public key is shared with the client. On typical HTTPS, the client can be reasonably sure of the server (authentication, done through a trustworthy signature on the server's public key, which is what you pay trust centers for). However, the server has no clue about the client (this is where client certificates come into play, purely for authentication, not encryption).
Server and client negotiate a common session key. For that purpose there are many different implementations of the key-exchange protocol. This forum is not the right place to describe session negotiation and the SSL handshake again, but you can be sure that you need the server-side key for the purpose described above. Take a website as an example: if you go to Google Mail, the HTTPS encryption works through them having a private key and a certified (signed) public key; you have no client-side certificate, and you provide your username and password through the encrypted connection to them. Otherwise you'd have to install a client-side key/certificate for a lot of services, and that would be a burden for the average internet user.
Hope this helps.
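The distinction the answer draws (the server's private key is what the encryption rests on; a client certificate only authenticates the client) can be watched directly in a TLS handshake. The following Go program is an added example written for this page, not code from the question, the answer, or Tomcat/Spring. It generates throwaway self-signed certificates in memory (the names "example-server" and "example-client" and the loopback echo server are assumptions of the example) and runs three exchanges: server key only, server demanding a client certificate the client does not have, and server demanding a client certificate the client presents. The first and third succeed with an ordinary encrypted cipher suite; the second fails at the handshake even though the same server key and the same encryption are in play.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSigned makes a fresh P-256 key and a self-signed certificate for it. The
// cert is its own trust anchor, so the peer pins it in a CertPool (standing in
// for the CA-signed certificate a real deployment would buy).
func selfSigned(cn string, server bool) (tls.Certificate, *x509.Certificate) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn}, // assumed name, example only
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if server {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{"localhost"}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf
}

// Exchange does one TLS round trip over loopback. Only the server holds the
// long-term private key the channel's encryption depends on; the client's
// certificate, when present, is checked for identity and adds no encryption.
func Exchange(requireClientCert, presentClientCert bool, msg string) (reply, cipher string, err error) {
	serverCert, serverLeaf := selfSigned("example-server", true)
	clientCert, clientLeaf := selfSigned("example-client", false)

	clientCAs := x509.NewCertPool()
	clientCAs.AddCert(clientLeaf)
	serverCfg := &tls.Config{Certificates: []tls.Certificate{serverCert}, ClientCAs: clientCAs}
	if requireClientCert {
		serverCfg.ClientAuth = tls.RequireAndVerifyClientCert // default is tls.NoClientCert
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", serverCfg)
	if err != nil {
		return "", "", err
	}
	defer ln.Close()
	go func() { // one-shot echo server; the first Read runs the server-side handshake
		conn, err := ln.Accept()
		if err != nil {
			return
		}
		defer conn.Close()
		buf := make([]byte, 256)
		if n, err := conn.Read(buf); err == nil {
			conn.Write(append([]byte("echo: "), buf[:n]...))
		}
	}()

	rootCAs := x509.NewCertPool()
	rootCAs.AddCert(serverLeaf) // the client trusts exactly this server certificate
	clientCfg := &tls.Config{RootCAs: rootCAs, ServerName: "localhost"}
	if presentClientCert {
		clientCfg.Certificates = []tls.Certificate{clientCert}
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg)
	if err != nil {
		return "", "", err
	}
	defer conn.Close()
	if _, err = conn.Write([]byte(msg)); err != nil {
		return "", "", err
	}
	buf := make([]byte, 256)
	n, err := conn.Read(buf) // under TLS 1.3 a rejected client cert surfaces here as an alert
	if err != nil {
		return "", "", err
	}
	return string(buf[:n]), tls.CipherSuiteName(conn.ConnectionState().CipherSuite), nil
}

func main() {
	for _, c := range [][2]bool{{false, false}, {true, false}, {true, true}} {
		reply, cipher, err := Exchange(c[0], c[1], "hello")
		fmt.Printf("require=%v present=%v reply=%q cipher=%s err=%v\n", c[0], c[1], reply, cipher, err)
	}
}
```

Run it with `go run`. The cipher suite printed for the first case is the same kind of AEAD suite as for the third: adding the client certificate changed who the server could identify, not how the bytes were protected. The Tomcat equivalent of the first case is the default `clientAuth="false"` on the HTTPS Connector, with the application enforcing HTTPS as the answer describes.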