On Thu, 24 Oct 2002, Cabuzel Thierry wrote:
> > -----Original Message-----
> > From: Boyle Owen [mailto:Owen.Boyle@;swx.com]
> > Sent: jeudi 24 octobre 2002 16:18
> > To: [EMAIL PROTECTED]
> > Subject: RE: Chicken and Egg
> >
> > I guess you will say, "but it's just a lab setup, I don't care about
> > authentication" - well that's fine, but why then do you need
> > encryption?
>
> Perhaps he don't need encryption too :) I am seting up a web folder on my
> web server with mod_dav. But the firewall of my company is soo old (well no
> comment :))that he doesn't reconize some of the extension of then HTTP 1.1
> protocol needed by mod_dav. He react to this by blocking theses request
> rendering my web folder unuseable. My only work around, is to put my folder
> in a ssl channel to go through the firewall letting him pass because he
> can't control what's going on :) I just need the ssl channel. I don't bother
> about the encryption (nothing would be enough as long as the firewall don't
> try to block me) and less about of the authentification :)
>
If you are gaining ssl/https, you have encryption, you just do not have
authentication. Thus you are tunneling the required needs ot the mod_dav
traffic within the encrypted ssl space to achieve your means of
circumventing the firewall/proxy wishes. You might well be better off
here working with the firewall/proxy admin to define the needs and open
the proxy to serve them properly. Otherwise, if you are circumventing
policy, you might find your access in deeper troubles once the
circumvention is discovered.
Owens' advise to the previous, primary requestor in this thread to good,
he suggests that that person actually do thing right and correct, to get
full use of what he has compiled and is trying to design, rather then
working with a semi-broken implimentation that does not fully grant the
authentication the clients of the website are going to trust and want.
Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
testing, only testing, and damn good at it too!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
