TLS is negotiated on the channel before any data is sent on the
channel (RFC 2818). Other protocols, most notably ESMTP, use a
STARTTLS mechanism to negotiate the initiation of the TLS encryption.

"Security through obscurity" isn't secure. If nothing else, remember
that the client machine is outside of your domain, and you cannot be
certain in any way that the VM your application is running in hasn't
been compromised.

-Kyle H

On Sat, Mar 14, 2009 at 1:14 PM, Andy Burnett <[hidden email]> wrote:
> I had a brilliant idea today! Instead of bothering with authentication, I
> would use unguessable URLs (and/or arguments) for my application - yes I
> know it is hardly unique, but it might solve a problem for me.
>
> Anyway, after recovering from the shock of my idea, I suddenly realised it
> would be completely useless if the URL is transmitted in plain text. Does
> anyone know when the encryption in an SSL session actually kicks in? And is
> there anything I can set on WAKom to ensure that the URL is protected?
>
> Cheers
> Andy
>
> _______________________________________________
> Beginners mailing list
> [hidden email]
> http://lists.squeakfoundation.org/mailman/listinfo/beginners
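
The reply's point that TLS is negotiated before any HTTP data is sent can be checked against the first bytes a client puts on the wire. The Python below is an added example, not part of the original thread; the function names, the sample URL and both sample captures are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def tls_records(stream):
    """Yield (type_name, payload_length) for each complete TLS record."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in CONTENT_TYPES or major != 3:
            raise ValueError(f"not a TLS record at offset {pos}")
        if pos + 5 + length > len(stream):
            break  # truncated capture: stop at the last complete record
        yield CONTENT_TYPES[ctype], length
        pos += 5 + length

def observer_view(stream):
    """Describe what a reader of the client's wire bytes learns."""
    if stream.startswith(HTTP_METHODS):
        # Plain HTTP: the request line, URL included, is readable as sent.
        target = stream.split(b"\r\n", 1)[0].split(b" ")[1]
        return {"protocol": "http", "url_visible": True,
                "url": target.decode("ascii", "replace")}
    records = list(tls_records(stream))
    if not records or records[0][0] != "handshake":
        raise ValueError("stream does not open with a TLS handshake")
    # HTTPS (RFC 2818): only record types and lengths are readable; the
    # request line travels inside application_data records.
    return {"protocol": "tls", "url_visible": False, "records": records}

def record(ctype, payload):
    """Frame a payload as a TLS 1.2 record (used to build the sample)."""
    return struct.pack("!BBBH", ctype, 3, 3, len(payload)) + payload

# Constructed sample data, not a real capture. Zero bytes stand in for
# handshake bodies and ciphertext; only the record framing is meaningful.
SECRET_URL = b"/app/9f2c7e1ab4d84c0e"
PLAIN_CAPTURE = b"GET " + SECRET_URL + b" HTTP/1.1\r\nHost: example.test\r\n\r\n"
TLS_CAPTURE = (record(22, bytes(64))    # ClientHello
               + record(22, bytes(70))  # ClientKeyExchange
               + record(20, b"\x01")    # ChangeCipherSpec
               + record(22, bytes(40))  # Finished (encrypted)
               + record(23, bytes(96))) # encrypted HTTP request

if __name__ == "__main__":
    print(observer_view(PLAIN_CAPTURE))
    print(observer_view(TLS_CAPTURE))
```

A stream that opens with plaintext protocol commands, as an ESMTP session does before STARTTLS, is rejected by `observer_view` because its first bytes are not a TLS handshake record.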