POST command error
Bernard Devlin
bdrunrev at gmail.com
Sat May 7 18:47:34 EDT 2011
Josep, even with libURLSetSSLVerification to false, the network
communication will be encrypted if you are using SSL. However, one
can argue it is not secure, in the sense that your client application
cannot be sure that the SSL certificate being accepted by it is really
one that is presented by your server. (In network security this is
called a "man in the middle attack" - it is technically possible for
some other server to present itself as your server and thus intercept
e.g. usernames/passwords).
The reference to the forum post provided above (where you export the
SSL certificate and have your client reference a PEM file containing
the exported certificate) is almost as secure as things get. If Runrev
ever finally produced client-side certificate handling, that would be
as secure as SSL communications can get. But since these client-side
certificates seem to be almost totally unknown in the world of
web-browsing, I can't see that Runrev consider it a priority (and it
looks like the promised future delivery of this which used to be in
the dictionary has been removed).
Bernard
On Sat, May 7, 2011 at 1:25 PM, JosepM <jmyepes at mac.com> wrote:
> Hi,
>
> But the comunication is secure, isn't? The only think is that I can't check
> if the SSL Certificate is valid, isn't?
>
>
> Salut,
> Josep
>
>
>
> --
> View this message in context: http://runtime-revolution.278305.n4.nabble.com/POST-command-error-tp3503001p3505400.html
> Sent from the Revolution - User mailing list archive at Nabble.com.
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
More information about the use-livecode
mailing list