All Questions

Tagged with
304 questions with no upvoted or accepted answers
Filter by
Sorted by
Tagged with
6votes
0answers
1kviews

HTTPS TSL Certificate Chain Validation Using Python Requests

I'm running a windows service using python 2.7.9. As part of it i'm trying to connect to a server using HTTPS. I'm using requests model (2.7.0) to do it. I'm also using wincertstore (0.2) model to ...
user avatar
  • 854
4votes
0answers
417views

Self-signed certificate for Android Application

I am developing an android application which interacts with my server. For including the SSL layer, I created a self-signed certificate for my server. So, at present when i access my server through a ...
user avatar
  • 8,881
4votes
0answers
307views

Standalone DartVM: Self-Signed Certificates and SSL

I've been struggling recently with using the standalone DartVM and SSL as a client. I'm of the understanding that Dart uses Mozilla NSS to manage the certificates. What I'm having a problem wit, is ...
user avatar
  • 275
4votes
2answers
1kviews

HTTPS handshakes are slow. What is a good alternative, to improve the user experience?

HTTPS is slow to start up, especially on low-bandwidth and high-latency connections, or on low-spec machines. Unfortunately it seems to be the standard method for securing logins used by all major ...
user avatar
  • 26.4k
3votes
0answers
709views

java 11 HttpClient leads to endless SSL loop even with disabled TLSv.1.3

I facing a problem with standard java http client. By some reason that I don't know yet it go into infinite loop and utilize all cpus I have. Below is an example stack trace and a method where the ...
user avatar
  • 1,610
3votes
1answer
2kviews

Java: Determine type of KeyStore from Keystore file

So I have an application in which I'm allowing the user to configure the server with HTTPS. The server uses Undertow. To add a HTTPS handler to Undertow, I need to make a call to Keystore.getInstance("...
user avatar
3votes
0answers
138views

Preferring HTTPS IRIs on the semantic web

TL/DR: Why shouldn't we prefer https: IRIs when defining new vocabularies for the semantic web? The semantic web is built around the use of IRIs to identify various components, be they resources like ...
user avatar
3votes
0answers
813views

Intercept docker container https requests traffic with mitmproxy

How can I configure docker with mitmproxy? I have found this post, but being beginner in docker and mitmproxy it is difficult to understand it. I know that the mitmporxy doc. contains tutorial, to ...
user avatar
3votes
0answers
178views

Why my setDefaultHostnameVerifier() didn't work for the first time?

Here is my code: private void upload() { Task task = new Task(); task.execute(); } class Task extends AsyncTask<String, String, String> { @SuppressLint("NewApi") @Override ...
user avatar
  • 169
3votes
0answers
4kviews

SOAP client over SSL: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I am working with remoted SOAP service through the HTTPS (HTTP over SSL) and I've generated my client classes with axis WSDL2java tool. So, I use Axis2 client, i have tried Axis too, here wasn't ...
user avatar
3votes
0answers
9kviews

PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

I have a certificate(signed by a ca) added to my truststore, but when I try to access it via the following code, I get the exception, PKIX path validation failed: java.security.cert....
user avatar
  • 1,924
3votes
0answers
540views

Why don't I get hostname mismatch error on localhost?

If I have a valid signed SSL cert, I can see the CN (common name) attribute does not have localhost or the LAN IP - but I do not see an SSL error "ssl_error_bad_cert_domain" when I connect to https://...
user avatar
  • 10.6k
3votes
1answer
508views

Connection context and UserNamePasswordValidator

I´am using UserNamePasswordValidator for WCF. My code is similar. I use database. Does any know how can I get information about current connection context in this method. I want to log ip address of ...
user avatar
3votes
2answers
2kviews

how to switch between Http and Https in asp.net

i want to apply SSL security on few pages of my website. Do you have any idea for it? Can you tell me how i can switch between Https and Https? Actually the matter is i have big web application and i ...
user avatar
  • 6,269
2votes
2answers
1kviews

Configure HTTPS and Basic Auth for Alertmanager

I would like to secure my Alertmanager with tls and authentication, so that in my network, not everyone is able to access the public facing end point. I don't want to use nginx server for proxy. This ...
user avatar
2votes
0answers
29views

For a REST API is it best practice to redirect http traffic to https or to return error with 401 or 403 status code?

I have a system to system REST API which should only, always use HTTPS, but if a client sends HTTP traffic, should we redirect them to the HTTPS url, or return an error with 401 or 403 status code? I'...
user avatar
2votes
0answers
71views

document.cookie is an empy string, even if some cookies are not httpOnly

In php, I return cookie headers over https, but some cookies are NOT marked httpOnly. Yet, document.cookie contains an empty string in the browser when run over https (tested with chrome, firefox, ...
user avatar
  • 51
2votes
0answers
489views

Cloning a GitHub repository using user secret in the link

git clone https://<user-name>:<token>@github.com/<user-name>/<project-name>.git Suppose an HTTPS request as above. I want to know, how secure would be this request/call? More ...
user avatar
  • 895
2votes
1answer
3kviews

InitialisationException: KeyStore must be configured for server side SSL in Mule Esb

Trying to send https request in mule . I generated keystore.jks for server and truststore.ts for client , I put them in the resource folder as in the below Image : here is mule flow : <?xml ...
user avatar
  • 2,298
2votes
0answers
122views

Is Loading Images From HTTP on a HTTPS Website Dangerous?

Chrome grays out the green lock of a HTTPS website when the site is trying to load scripts or images from insecure sources. I understand that scripts from insecure connection may be hacked to change ...
user avatar
2votes
2answers
193views

How to have HTTPS on Github page with custom domain

I stumbled across this page and wonder how to have HTTPS with custom domain on a github page https://github.com/2factorauth/twofactorauth https://twofactorauth.org/
user avatar
  • 885
2votes
2answers
28views

I login and send a secure cookie to browser. Now on http page if I make a request can it send the secure cookie accross?

Does the browser send a secure cookie over http connection. I have a website where some pages are https some are http. I create a secure cookie over a http page. Now if I move to a http page and ...
user avatar
  • 329
2votes
0answers
72views

Message level security for web application

I have a HTML5, AngularJS application in which I authenticate user based on windows authentication. This works fine. I have a connect option in the application which allows user to connect to some ...
user avatar
  • 2,813
2votes
0answers
285views

Check SSL connection with PHP: intercept warnings or anyway manually handle various scenarios

I want to get the details of digital certificate of a domain, if the digital certificate exists. I want to build something like the Google Chrome security indicator. To get the details of the ...
user avatar
  • 5,611
2votes
0answers
81views

Remote API for authorization and registration from mobile client

I am looking for the best way, the most secure way to build Client-Server communication. I have simple web site where I can login and sign up using well-known web secure implementation. But I need to ...
user avatar
2votes
0answers
44views

Forms are posting nothing when using SSL

When using JOOMLA site with SSL enabled all the forms on the website are Posting nothing! print_r($_POST); results null Please let me know how to get back all the Forms posting data as normal even ...
user avatar
2votes
0answers
1kviews

Add permanent security exception to localhost for chrome

What is the procedure to add a security exception for Chrome on localhost? I tried to follow the instructions in this post but it doesn't seem to work. Suggestions? The Chrome version is the ...
user avatar
2votes
1answer
15kviews

The SSL certificate for this service cannot be trusted

We scanned our website acbd.com with Serverscan and reports show that “The SSL certificate for this service cannot be trusted”. We are using a Comodo Premium SSL Wildcard Certificate and it's working ...
user avatar
2votes
0answers
32views

Is internal url redirection security concern?

I have a short url say http://su.in/fixed_pattern On clicking above url, one can redirect to http://longdomain.com/longurl?variablename=variablevalue Both domains su.in and longdomain.com are known ...
user avatar
2votes
1answer
3kviews

Calling HTTPS APIs from HTTP pages via javascript

I have a landing page on http://example.com ;that has an ajax login bar on it, which sends the user's login to the server, receives the authentication response, and displays it to the user. The ...
user avatar
2votes
1answer
383views

AS2 FP8: HTTPS SWF loading data from HTTP

I have an AS2 FP8 swf hosted on an HTTPS site that needs to sendAndLoad data to a HTTP site. I've read the whitepaper covering crossdomain policy files, yet they only cover the scenario of a HTTP swf ...
user avatar
2votes
1answer
672views

How to use Selenium server standalone to test https web applications?

In our web application project, I used to use Selenium Server Standalone to test the website. Then we switched from http to https and now none of the test cases work anymore! When I run the test cases....
user avatar
2votes
2answers
252views

ASP.Net https v/s http

Published a ASP.Net web service in iis 6.0. I am not able to access the service with http protocol. Only https works and its prompting a certificate error. Any solution to make this an unsecured one . ...
user avatar
1vote
0answers
24views

What does `X-Download-Options: noopen` does?

I'm looking at the defaults of Helmet.js and encountered with X-Download-Options Currently, I've found these: It's only for IE8 In IE8 if you don't give noopen to this header, any downloaded HTML ...
user avatar
1vote
1answer
65views

Android: network_security_config to choose cleartext communication only on local LAN

the concept of "network_security_config" entry is clear - but I need to access other devices on the local (!) network using HTTP (that is, wallboxes and PV systems and home batteries), but ...
user avatar
  • 165
1vote
1answer
113views

Getting app version from playstore in cordova

I'm trying to get the app versión of the app uploaded in playstore, i'm truying to use https://play.google.com/store/apps/details?id with this code var url = 'https://play.google.com/store/apps/...
user avatar
1vote
0answers
28views

how to enable https from java application

I am using core java for my rest service. Based on my requirement I cannot use spring boot for rest endpoint. I achieved implementing http endpoint from core java. But I cannot enable HTTPS via core ...
user avatar
1vote
0answers
857views

Need of Encryption/Decryption of REST API request/response?

In what situations is it needed to encrypt the REST API HttpRequest at the client-side before sending it to the server and to encrypt the HttpResponse at the server before sending it to the client-...
user avatar
1vote
1answer
69views

If the IPv4 public IP is displayed when the API is called on the front end, are there any security issues with this back end?

Now, I am using ec2 as the backend platform (node js + nginx + certbot), and the settings of nginx.conf are as follows server { listen 80; server_name somethings.example.com; root /usr/...
user avatar
1vote
0answers
585views

Packets capturing using httpCanary

I am using httpCanary for capturing packets in android 9 it is working fine. The same things I am installing but it is not able to capture due to the certificate is not installed as System Certificate....
user avatar
1vote
1answer
168views

how to disallow insecure connection to http-server npm?

I am using below command to create secure http-server, http-server -a :: -p 8081 --cors -c-1 -S -C cert.pem -K key.pem -r But with below command I can able to access content, curl -k https://...
user avatar
1vote
0answers
53views

How to completely force https only for website including for requests outside a browser?

We have an azure website, where we have the https only setting turned on, and we also have url rewrite rules set up as well so that when you go to our site at http://example.com (we have a custom ...
user avatar
1vote
1answer
728views

Filtering out spam HTTP traffic on nginx

I have a web server that hosts my open to the internet web applications. Every web app has its own subdomain, e.g. app1.mycompanydomain.com and app2.mycompanydomain.com. All of the incoming traffic ...
user avatar
  • 369
1vote
0answers
53views

Terminology: What does it mean when an email is "in the clear"?

A practice exam question is formulated as such: "Person A sends an e-mail to person B via. a HTTPS connection. Can an attacker read the e-mail in the clear?" I haven't encountered the phrasing "in ...
user avatar
1vote
1answer
107views

How secure is Aamazon Kinesis endpoint? Does the Kinesis Producer Library (KPL) securely sends messages to Kinesis endpoint?

I am building Amazon Kinesis based streaming data ingestion from on-prem data source. I can use the Kinesis Producer Library (KPL) to produce messages to Kinesis Data Stream. I wanted to know how ...
user avatar
1vote
0answers
52views

What are the security risks of accessing a password protected website from within a private iOS app by embedding the password in the URL?

I would like to develop a privately distributed iOS app with jasonette that acts as a gateway to my password protected website. The credentials to access the website would be embedded directly in the ...
user avatar
1vote
1answer
97views

trying to secure website but also keep Home (index) page public MCV5 asp.net identity

I have a site with a few pages and I implemented login and register. then I implemented SSL and added redirects for anyone trying to access the site without HTTPS with the following code: first I ...
user avatar
  • 401
1vote
0answers
75views

Rails: can http_basic_authenticate_with be done securely over HTTPS / SSL?

I'm having some trouble understanding how http_basic_authenticate_with works in Ruby on Rails. By default, I believe it sends the username and password to the server unencrypted via the HTTP protocol. ...
user avatar
1vote
0answers
364views

Development Site - This site can’t provide a secure connection

I have moved a client website across to a subdomain of my companies website for development. The client website has a working SSL certificate. Successfully redirects to https:// - everything works a ...
user avatar
1vote
1answer
34views

Avoid man in the middle secured Cookie deletion on subsequent conexiones

Lest's imagine a bad case escenario where an attacker is able to setup a man in the middle, obviously for non secured connections (HTTP:80) on first connection: 1- cliente request example.com 2- ...
user avatar
  • 434

15 30 50 per page
1
2 3 4 5
7