
Re: HTTPS and LWP - Is my password encrypted

by sundialsvc4 (Abbot)
on Feb 06, 2014 at 21:32 UTC


in reply to HTTPS and LWP - Is my password encrypted

To assuage your immediate fears, in an HTTPS (that is, SSL) exchange, everything in the exchange is encrypted, although you do not see the encryption/decryption being performed.   Thus, the token is not visible to anyone else . . .

. . . I - F . . . you are absolutely certain that the exchange is taking place through SSL as it should be, and as certainly appears to be the case here.   However, it still pays to make sure, for example in the server-side code (and, really, in client-side as well) that any exchanges which you expect to be encrypted, actually are.   Some systems have been exploited, in part, by sending login-request API-calls to non-encrypted versions of URLs and finding that a valid access token was returned along a wide-open channel.   Even your client-side JS code should not accept a JSON-response that came from an open channel.   (“Trust, but Verify.™”)
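The client-side check described in the reply above, as an added example that is not part of the original post: refuse to send credentials to a non-HTTPS URL, and discard a response whose final URL (after any redirects) is not HTTPS. The names `channelProblem` and `loginOverTls` and the `fetchImpl` parameter are hypothetical; a WHATWG-style `fetch` is assumed.

```javascript
// Added example; function names and the fetchImpl parameter are assumptions.

// Returns a reason string when rawUrl is not an absolute https URL, else null.
function channelProblem(rawUrl) {
  let parsed;
  try {
    parsed = new URL(rawUrl);
  } catch (err) {
    // Empty, relative or malformed URLs fail closed.
    return 'unparseable URL';
  }
  return parsed.protocol === 'https:' ? null : 'scheme is ' + parsed.protocol;
}

// POSTs credentials and returns the parsed JSON body, but only if both the
// request URL and the URL that finally answered were https.
async function loginOverTls(loginUrl, credentials, fetchImpl = fetch) {
  // Check before sending, so the password never leaves on an open channel.
  const before = channelProblem(loginUrl);
  if (before) {
    throw new Error('refusing to send credentials: ' + before);
  }

  const response = await fetchImpl(loginUrl, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(credentials),
  });

  // fetch follows redirects by default; response.url is where the answer
  // actually came from. A redirect to http:// means the token crossed an
  // unencrypted hop, so the response is not accepted.
  const after = channelProblem(response.url);
  if (after) {
    throw new Error('discarding response: ' + after);
  }
  return response.json();
}
```

The same test belongs on the server side as well: a login endpoint that answers a plain-HTTP request with a valid token is the failure the reply describes.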
