
sharing secret without ssl

by Sixtease (Friar)
on Feb 11, 2011 at 12:54 UTC (#887611)
Sixtease has asked for the wisdom of the Perl Monks concerning the following question:

this is a general web-programming question

Dear monks,

Assume web application Example.com has no SSL certificate and doesn't want one, but would still like to share a secret with the visitor (like for generating nonces, so that sniffing the session cookie doesn't give an attacker the visitor's rights).

Q1: Do you see a way to exchange such a secret during OpenID login?
Assuming the OpenID provider uses ssl.

Q2: If it is not possible (as I think), what other ways do you see?
My idea is to start a dedicated, open web service that will have an SSL certificate and will let the client share a secret with a specified service. A Catalyst controller could look like this:

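    sub index :Private {
        my ($self, $c) = @_;

        # random_string() and $lwp_ua are assumed to be defined elsewhere
        my $secret     = random_string();
        my $other_side = $c->req->params->{other_side};

        # Hand the secret to the other service, then return it to the client
        my $res = $lwp_ua->get("$other_side?secret=$secret");
        if ($res->is_success) {
            $c->response->body($secret);
        }
    }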

Ideas? Does this already exist? Sorry for posting such a non-Perl-specific question / rambling.

use strict; use warnings; print "Just Another Perl Hacker\n";

Re: sharing secret without ssl
by moritz (Cardinal) on Feb 11, 2011 at 13:21 UTC

      True, I just realized I can simply use Diffie-Hellman or the like.

      I consider this question solved.

      use strict; use warnings; print "Just Another Perl Hacker\n";
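
Added example, not part of the thread: the Diffie-Hellman approach the last reply settles on, with the derived key used to MAC every request so that a sniffed session cookie alone is not enough. It runs both sides in one Node.js process using the built-in crypto module; the request fields, the counter scheme and all function names are assumptions made for illustration. Plain Diffie-Hellman is unauthenticated, so this covers passive sniffing only, not an active man-in-the-middle.

```javascript
const crypto = require('crypto');

// Each side creates an ephemeral key pair in the RFC 3526 2048-bit MODP group.
function newDhSide() {
  const dh = crypto.getDiffieHellman('modp14');
  dh.generateKeys();
  return dh;
}

// Hash the raw DH output into a fixed-size MAC key.
function macKey(dh, peerPublicKey) {
  return crypto.createHash('sha256').update(dh.computeSecret(peerPublicKey)).digest();
}

// Client: sign method, path and a strictly increasing counter (hypothetical fields).
function signRequest(key, method, path, counter) {
  const mac = crypto.createHmac('sha256', key)
    .update(`${method}\n${path}\n${counter}`).digest('hex');
  return { method, path, counter, mac };
}

// Server: verify the MAC in constant time and refuse reused counters.
function makeVerifier(key) {
  let lastCounter = 0;
  return function verify(req) {
    const want = Buffer.from(signRequest(key, req.method, req.path, req.counter).mac, 'hex');
    const given = Buffer.from(String(req.mac), 'hex');
    if (given.length !== want.length || !crypto.timingSafeEqual(given, want)) return false;
    if (!Number.isInteger(req.counter) || req.counter <= lastCounter) return false;
    lastCounter = req.counter;
    return true;
  };
}

// Constructed run: only the two public keys and the signed requests cross the wire.
function demo() {
  const client = newDhSide();
  const server = newDhSide();
  const clientKey = macKey(client, server.getPublicKey());
  const serverKey = macKey(server, client.getPublicKey());
  const verify = makeVerifier(serverKey);
  const req = signRequest(clientKey, 'POST', '/account/email', 1);
  return {
    keysMatch: clientKey.equals(serverKey),
    fresh: verify(req),      // first use of counter 1
    replayed: verify(req),   // same request captured and sent again
    tampered: verify({ ...req, path: '/account/delete', counter: 2 }),
  };
}
```
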
