
  • From: "Pete Cordell" <petexmldev@t...>
  • To: "Richard Salz" <rsalz@u...>
  • Date: Mon, 22 Jan 2007 15:05:30 -0000

Original Message From: "Richard Salz"
>> (It's probably been covered before, but...) I find it interesting that using
>> HTTPS allows some security, but it does mean that any perimeter firewall
>> can not inspect the contents of an exchange.
>
> Because of this, SSL is usually terminated in the DMZ.  If necessary, a
> new SSL connection will be set up from the DMZ device to the internal
> system. ...

I was actually referring to the firewall at the client end of the 
connection.

(I didn't reply earlier as I was trying to work out how an HTTPS connection 
goes through a proxy.  It seems the risk is still there.  A draft version of 
RFC2817 was called "Tunneling TCP based protocols through Web proxy 
servers", and the security considerations section mentions the 
vulnerability.)

Pete.
--
=============================================
Pete Cordell
Tech-Know-Ware Ltd
for XML to C++ data binding visit
http://www.tech-know-ware.com/lmx
(or http://www.xml2cpp.com)
=============================================
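
Added example, not part of the original message: when HTTPS goes through a forward proxy, the client sends an HTTP CONNECT request and everything after it is an opaque tunnel, so the only check available at the client-end proxy is on the requested host and port. The Python sketch below shows that check; the allowed-port list, function names and sample request lines are constructed assumptions.

```python
# Added example: policy check on HTTP CONNECT request lines at a forward proxy.
ALLOWED_PORTS = frozenset({443})  # assumption: tunnels permitted to HTTPS only

def parse_connect(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x'; raise ValueError otherwise."""
    parts = request_line.split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        raise ValueError("not a CONNECT request line")
    authority = parts[1]
    if authority.startswith("["):  # bracketed IPv6 literal, e.g. [2001:db8::1]:443
        host, sep, port = authority[1:].partition("]:")
    else:
        host, sep, port = authority.rpartition(":")
    if not sep or not host or not (port.isascii() and port.isdigit()):
        raise ValueError("authority must be host:port")
    port_number = int(port)
    if not 0 < port_number < 65536:
        raise ValueError("port out of range")
    return host.lower(), port_number

def decide(request_line, allowed_ports=ALLOWED_PORTS):
    """Return (allowed, reason). Only host and port are available here:
    the tunnelled bytes are encrypted end to end and never reach this check."""
    try:
        host, port = parse_connect(request_line)
    except ValueError as exc:
        return False, f"malformed: {exc}"
    if port not in allowed_ports:
        return False, f"port {port} not permitted for tunnels"
    return True, f"tunnel to {host}:{port}"

# Constructed sample request lines, not taken from any real log.
SAMPLE = [
    "CONNECT www.example.com:443 HTTP/1.1",
    "CONNECT mail.example.net:25 HTTP/1.1",
    "CONNECT [2001:db8::1]:443 HTTP/1.1",
    "CONNECT www.example.com HTTP/1.1",
    "GET http://www.example.com/ HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", decide(line))
```

A port allow-list narrows what can be tunnelled but does not restore content inspection: a permitted tunnel to port 443 is still opaque to the proxy.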



