RE: http proxying

From: Dave J Woolley <[email protected]>
Date: Thu, 13 Jan 2000 12:11:47 -0000

> From: Henrik Nordstrom [SMTP:hno@hem.passagen.se]
>
> The encryption protects the HTTP data from eavesdropping and tampering
> by any man-in-the-middle component, like proxies and such. This applies
> to both the requests and the responses.
>
        In practice you could get away with a man in the middle
        attack for most users who don't understand https and disable
        or ignore security mode change warnings, by mapping the
        URL at the proxy and only running https between the rogue
        proxy and the server. Client certificates, which should
        help prevent this, are only normally used on intranets.
Received on Thu Jan 13 2000 - 05:26:15 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:50:21 MST