Collaborate Disseminate
If using Basic security under an SSL connection (https), is is not true that the server matches the user/password combination, but what happens after that? What prevents the browser from accessing the server? Does the browser… Continue reading Who is the Gate Keeper?
I am using the node tls module https://nodejs.org/api/tls.html to set up a secure connection between a client and a server (both Linux).
On the server I use:
const options = {
key: fs.readFileSync(‘server.key’),
cert:… Continue reading Does the nodejs tls module check for other authorities than my own authority?
for Authentication of my Executeable i use a TCP Server Module running on a VPS my Client(Executeable) connects to. Therefor i have to have the IP of the VPS inside the Executeable. I have two major problems with this:
1. If … Continue reading Change Server IP used by Executeable [Client-Server Authentication]
I have a question about open source, multi-user projects.
Let’s say that you have an open source project, you also have a server on the internet, you distribute clients to the users, these client softwares communicate with t… Continue reading Server security in open source projects
I have a question about open source, multi-user projects.
Let’s say that you have an open source project, you also have a server on the internet, you distribute clients to the users, these client softwares communicate with t… Continue reading Server security in open source projects
What libraries does Windows use to send ssl traffic? The ws2_32.dll has the tcp send function, but the traffic is encrypted before it reaches that function.
I’m looking to reach the code where the traffic is still in plainte… Continue reading Hooking Windows SSL libraries
I made an API that communicates with my client (cross-platform mobile app). The API is in Google cloud.
Apparently Google has no way to authenticate calls to the API if you don’t force people to use Google-accounts (somethi… Continue reading Authenticating calls to API using custom tokens/client credentials, sent as plain text, safe?
We have a proper signed server certificate and intermediate CA from a trusted certificate authority.
Is it true that we cannot use this certificate (so the intermediate CA) for creating our own client certificates?
As I rea… Continue reading Create client certificates using signed certificate
We have a proper signed server certificate and intermediate CA from a trusted certificate authority.
Is it true that we cannot use this certificate (so the intermediate CA) for creating our own client certificates?
As I rea… Continue reading Create client certificates using signed certificate
I am working on a commercial device (custom hardware with firmware and embedded software) that includes a Linux OS and will run in an unsecured network environment connected via Ethernet. It will be vulnerable to various att… Continue reading Client certification authentication as an option for securing a device to allow access