Beefy Boxes and Bandwidth Generously Provided by pair Networks Joe
Perl-Sensitive Sunglasses
 
PerlMonks  

sharing secret without ssl

by Sixtease (Friar)
on Feb 11, 2011 at 12:54 UTC ( #887611=perlquestion: print w/ replies, xml ) Need Help??
Sixtease has asked for the wisdom of the Perl Monks concerning the following question:

this is a general web-programming question

Dear monks,

Assume web application Example.com has no ssl certificate and doesn't want one. But would still like to share a secret with the visitor
(like for generating nonces, so that sniffing session cookie doesn't give an attacker the visitor's rights).

Q1: Do you see a way to exchange such a secret during OpenID login?
Assuming the OpenID provider uses ssl.

Q2: If it is not possible (like I think), what other ways do you see?
My idea is to start a dedicated, open web service, that will have an SSL certificate, and will let the client share a secret with specified service. A Catalyst controller could look like this:

sub index :Private { my ($self, $c) = @_; my $secret = random_string(); my $other_side = $c->req->params->{other_side}; my $res = $lwp_ua->get("$other_side?secret=$secret"); if ($res->is_success) { $c->response->body($secret); } }

Ideas? Does this already exist? Sorry for posting such a non-Perl-specific question / rambling.

use strict; use warnings; print "Just Another Perl Hacker\n";

Comment on sharing secret without ssl
Download Code
Re: sharing secret without ssl
by moritz (Cardinal) on Feb 11, 2011 at 13:21 UTC

      True, I just realized I can simply use Diffie-Hellman or the like.

      I consider this question solved.

      use strict; use warnings; print "Just Another Perl Hacker\n";

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://887611]
Approved by moritz
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others pondering the Monastery: (5)
As of 2014-04-19 18:25 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    April first is:







    Results (483 votes), past polls