Last week, we had the author of TDD for a Shopping Website LiveProject. Friday at 11am Ranch time, Steven Solomon will be hosting a live TDD session just for us. See for the agenda and registration link
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Frits Walraven
Bartenders:
  • Piet Souris
  • Himai Minh

HTTPS SSL PROBLEM

 
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
---------------------------------
https is one of the secure protocol that is, in now a days, used as a basic need to transmit data securely in internet applications(our application do use https). SSL is what encrypts the data sent through the https which sits below the http and encrypts the http data using a common encryption algorithm agreed between server and client. what happens if the data is sniffed in between the http and SSL, i.e we get the data before it reaches the SSL layer. we log the data and then send it to ssl. its like man-in-middle-attack, but between the http and ssl. i wrote an application that will alter the internet connection programmatically to enable this way of sniffing, then log the data, then send to ssl. i restricted the user in restoring the default internet settings.

if this is the case, then why not a malware, virus or trojans can sniff data easily which we believe is sent through a secure protocol. is the answer to this problem lies only with the independent system users, cleaning and securing their system with anti-virus, anti-trojan, anti-malware systems? does any virus or trojans exists with this kind of functionality? am i reinventing this problem?

Vijay Veeraraghavan
-----------------------------
 
Rancher
Posts: 43027
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If a machine is malware-infected all bets as to the security and privacy of it are off anyway. That is to say, if that's a possibility, then there may be larger problems than worrying about the sniffing of transmissions that should be SSL-encrypted.

Having said that, the SSL en/decryption and display of data all happens in the browser. So unless part of the browser binary has been altered, there isn't much chance of a piece of malware actually observing the data. That's just an educated guess on my part, though, and may be dependent on the underlying OS.
 
I knew I would regret that burrito. But this tiny ad has never caused regrets:
Free, earth friendly heat - from the CodeRanch trailboss
https://www.kickstarter.com/projects/paulwheaton/free-heat
reply
    Bookmark Topic Watch Topic
  • New Topic