Re: Wrapping TCP communications in HTTP

Well, of course this helps nothing with security :). I just noticed
the intent of the original post. I've been handling this in the
completely wrong direction...

To OP: HTTP won't help you a bit since it's not a secure protocol.
You need to use SSL/TLS to encrypt your data. If you are worried
about firewalls blocking ports, use the HTTPS port 443.

--
=====================================
Alexander Nickolov
Microsoft MVP [VC], MCSD
email: agnickolov@xxxxxxxx
MVP VC FAQ: http://www.mvps.org/vcfaq
=====================================

"Steve Alpert" <sra@xxxxxxxxxxxxxxxxx> wrote in message
news:OHT7gEc%23FHA.2176@xxxxxxxxxxxxxxxxxxxxxxx
> Mick wrote:
>> We have a set of applications that use TCP sockets (winsock2) to
>> communicate between machines. To communicate, a client machine
>> establishes a TCP socket connection to a server, then sends and receives
>> messages using our own proprietary protocol. We have developed and tested
>> all of this and it works fine. Now, because of firewall security issues
>> at some of our customer sites, we would like to wrap these communications
>> in the HTTP protocol. Is it possible to do this? If so, what would be
>> required to implement this?
>>
>> I know very little about HTTP, but my understanding is that HTTP
>> communications requires that you establish a session with a server, send
>> request messages to the server, and then wait to receive a response.
>> Would this require us to scrap our existing socket implementation, or can
>> we just wrap our messages in HTTP?
>>
>> Any advice on how to implenent this will be much appreciated. Thanks!
>>
>
> Although likely, most firewalls block ports and not protocols. That
> suggests they leave open port 80 (assuming http) and 443 (assuming https).
> They MAY check the envelopes but then again, maybe not!
>
> /steveA
>
> --
> Steve Alpert
> my email Fgrir_Nycreg @ vqk.pbz is encrypted with ROT13 (www.rot13.org)
> and spaces
>


.

Relevant Pages

  • RE: [Full-Disclosure] Apparently the practice was prevalent
    ... > Agreed, but you see, RFC 2616 defines more than just the ... > HTTP protocol. ... It defines the protocol. ... security is the least of your concerns. ...
    (Full-Disclosure)
  • Re: History
    ... > Thomas 'PointedEars' Lahn wrote: ... >> Your misuse of the term `same security protocol' confused me. ... >> HTTPS are only transfer protocols. ...
    (comp.lang.javascript)
  • WhiteHat Arsenal 1.06 Beta Released
    ... fitted with an HTTP Response Code lookup utility. ... WHArsenal the best web application security product available. ... WhiteHat Arsenal logs all HTTP Request activities in either XML or HTML ... The Session Manager keeps log files ...
    (SecProg)
  • [NEWS] Cisco Web-Browser Interface Vulnerability
    ... Get your security news from a reliable source. ... Cisco IOS Software Release 12.3JA ... HTTP secure) are not vulnerable. ... http server or ip http secure-server. ...
    (Securiteam)
  • [NEWS] Firewall-1 HTTP Security Server - Proxy Vulnerability
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A security vulnerability in the way Checkpoint's Firewall-1 handles ... AllUsers@SomeNet webserver http UserAuth Long Allow Auth HTTP ... It appears that the default for the HTTP Security server is to allow any ...
    (Securiteam)