open secure socket... using certificate

Tom Glod tom at makeshyft.com
Mon Feb 1 16:44:12 EST 2021


Richard,

Lets say one of my users is targetted by a hacker and they manage to
install a malware process on their system that will capture all the data
flowing between the 2 processes.
Then they do not need to be sitting in the victim's chair.
But if the data was encrypted, this wouldn't matter.


On Mon, Feb 1, 2021 at 4:02 PM Richard Gaskin via use-livecode <
use-livecode at lists.runrev.com> wrote:

> Tom Glod wrote:
>
>  > On Fri, Jan 29, 2021 at 1:09 AM Richard Gaskin wrote:
>  >> The main benefit of encrypted sockets is to mitigate man-in-the-
>  >> middle attacks.
>  >>
>  >> If you have a man in the middle of processes on a local computer that
>  >> isn't you, it would seem you have bigger concerns. ;)
> ...
>  > Hi Richard...the man in the middle attack is exactly the thing I was
>  > thinking of.
>
>
> It seems I didn't write clearly.
>
> With localHost the man in the middle is you, or someone else with
> physical access to your computer (which is more or less the same thing).
>
> Given the old adage that physical access  = root, I'm unable to think of
> a scenario in which encrypting localhost sockets is beneficial.  Am I
> overlooking something?  I'm no CISSP, so I may well be.
>
> --
>   Richard Gaskin
>   Fourth World Systems
>   Software Design and Development for the Desktop, Mobile, and the Web
>   ____________________________________________________________________
>   Ambassador at FourthWorld.com                http://www.FourthWorld.com
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>


-- 
Tom Glod
Founder & Developer
MakeShyft R.D.A (www.makeshyft.com)
Mobile:647.562.9411



More information about the use-livecode mailing list