Re: [protobuf] Security Layer to make sure proto objects are not tampered when transferred over https
You could simply sign the chunk of data manually; but no - protobuf does not include any provision for this. I *imagine* because the requirements will be so different system-to-system. On 21 July 2010 11:32, Prakash Rao prakashrao1...@gmail.com wrote: curity layer to protocol buffer if I'm writing my proto objects to https output stream? In java we have sealed objects and we can have signature attached to it to make sure objects are not tampered on the receiving end. Is there something similar in protocol buffer as well? I’m just trying understand what all different options that protocol buffer provides as far security is concerned when compared to web services to make sure data is not tampered. Web services comes with good security models (such XML signature, SAML) to make sure data is not tampered. -- Regards, Marc -- You received this message because you are subscribed to the Google Groups Protocol Buffers group. To post to this group, send email to proto...@googlegroups.com. To unsubscribe from this group, send email to protobuf+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/protobuf?hl=en.
Re: [protobuf] Security Layer to make sure proto objects are not tampered when transferred over https
On Wed, Jul 21, 2010 at 03:32, Prakash Rao prakashrao1...@gmail.com wrote: Is there a way to add security layer to protocol buffer if I'm writing my proto objects to https output stream? In java we have sealed objects and we can have signature attached to it to make sure objects are not tampered on the receiving end. Is there something similar in protocol buffer as well? I’m just trying understand what all different options that protocol buffer provides as far security is concerned when compared to web services to make sure data is not tampered. Web services comes with good security models (such XML signature, SAML) to make sure data is not tampered. Protocol buffers do the encoding. They expliclitly don't add additional features that belong to the conceptual level of the transport channel. Do one thing and do it right. You can have this as simple as adding a HMAC to your message or use channels that already provide that (like an SSL channel with the appropriate options turned on). It would be just a confusing mess if each encoding scheme for data would add yet another implementation of what is already there (From your quote, apparently XML/SAML adds to that mess, but it doesn't mean that it is smart to do). It is sad that many designers of protocols mix up these layers. -h Regards, Prakash -- You received this message because you are subscribed to the Google Groups Protocol Buffers group. To post to this group, send email to proto...@googlegroups.com. To unsubscribe from this group, send email to protobuf+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/protobuf?hl=en. -- You received this message because you are subscribed to the Google Groups Protocol Buffers group. To post to this group, send email to proto...@googlegroups.com. To unsubscribe from this group, send email to protobuf+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/protobuf?hl=en.
Re: [protobuf] Security Layer to make sure proto objects are not tampered when transferred over https
Protobuf allows you to build your conceptual protocol the way you want it. If you want security features on top of it, you can either add it to your messages, or you can use a secure network layer that does the work for you. Its your call. Personally, I'm against reinventing the wheel, so I use protobuf over TLSv1 with a good set of cipher suites configured :) Marc-André LAVERDIÈRE Perseverance must finish its work so that you may be mature and complete, not lacking anything. -James 1:4 mlaverd.theunixplace.com/blog /\ \ / ASCII Ribbon Campaign X against HTML e-mail / \ 2010/7/21 Prakash Rao prakashrao1...@gmail.com: Is there a way to add security layer to protocol buffer if I'm writing my proto objects to https output stream? In java we have sealed objects and we can have signature attached to it to make sure objects are not tampered on the receiving end. Is there something similar in protocol buffer as well? I’m just trying understand what all different options that protocol buffer provides as far security is concerned when compared to web services to make sure data is not tampered. Web services comes with good security models (such XML signature, SAML) to make sure data is not tampered. Regards, Prakash -- You received this message because you are subscribed to the Google Groups Protocol Buffers group. To post to this group, send email to proto...@googlegroups.com. To unsubscribe from this group, send email to protobuf+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/protobuf?hl=en. -- You received this message because you are subscribed to the Google Groups Protocol Buffers group. To post to this group, send email to proto...@googlegroups.com. To unsubscribe from this group, send email to protobuf+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/protobuf?hl=en.