Originally posted by John Meyers:
You should use SSL if you want to encrypt anything with some confidence. Send the credentials via https
Originally posted by ankur rathi:
Do you encrypt password yourselves on �login page� before transferring it over network or trust on post method?
Thanks.
Originally posted by Pavel Kubal:
http://www.interwebinc.com/security/ssl.html
This funny tutorial may help you with understanding of SSL. In addition, sel-signed certificate may be perfectly sufficient for you.
Originally posted by ankur rathi:
I knew the concept of public and private key before. One encrypts a message with own private key and sends, and other decrypts it with public key of sender.
But my doubt is, though it�s a public key by name but how others will know about that key? And if I am sending my public key before secure communication starts then it might get hacked by someone and so rest of the communication also with this public key�
:roll:
apigee, a better way to API!
Originally posted by Nitesh Kant:
Public key is not used for decrypting. It is used for encrypting.
You always encrypt using public key and it can only be decrypted using the private key.
Originally posted by ankur rathi:
Oh sorry, I just made it reverse.
Okay so sender encrypts message with receiver's public key and sends and receiver decrypts it with own private key.
But how does sender know receiver's public key at the first place. :roll:
Thanks.
Originally posted by John Meyers:
The certificates that a container will accept are also vendor specific. Self signed as opposed to being signed by a CA. Self signed certificates may not be configurable on some containers
Originally posted by John Meyers:
The certificates that a container will accept are also vendor specific. Self signed as opposed to being signed by a CA. Self signed certificates may not be configurable on some containers
That's server-specific; the procedure for Tomcat is described here.How container sends public key to browser? Needs to do configuration in container. How?
That's a deep subject; start reading here.How browser encrypts data with that public key? is it done automatically or what?
And what if we want browser NOT to encrypt some of the data?
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime. |