... Cool! I'll have to remember this. One minor point. You write "The HTTP spec doesn't say we're allowed to have URLs with usernames and passwords in them so...
Elliotte Harold
elharo@...
Jun 1, 2006 12:53 pm
6296
... Actually it *is* the HTTP spec that is important here - in how it uses the URI spec in defining HTTP URIs (not all items that can be parts of a valid URI...
We’ve known for a long time that cookies are deeply antithetical to the design of HTTP and the Web (#1). We’ve known they are used to track users and...
Elliotte Harold
elharo@...
Jun 2, 2006 11:53 am
6298
... You're absolutely right that Amazon should offer _only_ cookie authentication for this service. But cookie authentication doesn't have to be exclusive. You...
... Correct. That's my hypothesis. I have no inside info on how Amazon's authentication system is actually implemented. -- Elliotte Rusty Harold...
Elliotte Harold
elharo@...
Jun 2, 2006 5:51 pm
6301
Does anybody have a recent example of a high-profile public SOAP interface being announced? I've only heard of REST (or at least semi-RESTful) interfaces being...
Hi, in a recent blog entry "EAI DSL", Gregor Hohpe mentions that back in 1994 he wrote a little domain-specific language to aid screen scraping based...
Hmm. This looks (at least to me) vaguely similar to Rails functional ... I wonder if there's an underlying design model one could abstract into a generic DSL...
Amazon S3 offers both HTTP & SOAP interfaces, though the latter is basically just the former with angle brackets and service-specific operations. Incredible; ...
I'm attempting to create a RESTful web service that will be used by (at first) browser clients (via JavaScript from a web site). The reason I have chosen to...
... The protocol doesn't really define how to work outside the protocol. :) As such, there's no "standard" way to make a POST look like a PUT or DELETE. Most...
... <stuart_holcombe@...> wrote: {snip} ... The answer is to use the IHttpHandler interface (you will need to configure IIS to wildcard match to the aspnet...
... configure IIS to wildcard match to the aspnet runtime in order to receive directory requests You can avoid IIS if you want - .NET 2.0 has a very nice way...
... After 9 years of dealing with cookies (since RFC 2109 from 1997) I think the problems with cookies are well understood. There isn't much point in compiling...
Checking my (possibly lack of) understanding of SSL. Scenario. A client, no keystore. A server with a keypair Public and private keys. I'm being told that...
... Right ... Why do you say "seems little better than using PKI"? It does use PKI. -- 犬 Chris Burdess "They that can give up essential liberty to obtain a...
Chris Burdess
dog@...
Jun 12, 2006 11:36 am
6315
... Sorry about the above, brain dead mailserver misconfiguration. Obviously this is not confidential in any way. -- 犬 Chris Burdess "They that can give up...
Chris Burdess
dog@...
Jun 12, 2006 11:59 am
6316
Keys are certificates. So the client must validate the server certificate in order to ensure the server identity. The client must ask the user or use a list of...
... It should all be more high-level than that. From the HTTP point of view the interaction should just be: CL: > PUT https://server/someresource SRV: < 200 (or...
... Quite on line with this, Mark sent <quote> The client makes a connection, usually to port 443, on which the server is listening using SSL. There is some...
... You're trying to write an SSL/TLS client? That seems wrong. You should just use JSSE's javax.net.ssl.HttpsURLConnection to open a connection like so: URL u...
... SSL is configurable to allow different levels of authentication - by default the client authenticates the server against a list of authorities. We set up...
... Tracy> After 9 years of dealing with cookies (since RFC 2109 from 1997) I think Tracy> the problems with cookies are well understood. There isn't Tracy>...
One more additional thought. If I need the server to be able to verify the authenticity of the client, should the client generate a key (keytool etc), then ...
... Not from the bottom up. simply configure a client to use ssl, then IIS to do the right thing with the certificates. ... Setting up JSSE, with the right...
... Yes, that's just what I want David. Do the client and server have identical certificates? I'd understood that one (classically the server) had a private...