Re: HttpWebRequest encryption?

From: Mike Cronin via DotNetMonster.com (forum_at_DotNetMonster.com)
Date: 03/21/05

• Next message: idi_amin: "Re: How many .NET developers worldwide?"
• Previous message: idi_amin: "RE: 1,596 problems in .Net 1.1"
• In reply to: Nick Malik [Microsoft]: "Re: HttpWebRequest encryption?"
• Next in thread: Nick Malik [Microsoft]: "Re: HttpWebRequest encryption?"
• Reply: Nick Malik [Microsoft]: "Re: HttpWebRequest encryption?"
• Messages sorted by: [ date ] [ thread ]

---

Date: Mon, 21 Mar 2005 19:12:15 GMT

If a 128-bit encrypted client sends an HTTPS POST request to a server that
handles 128-bit encryption, does the client need to do anything more than
what follows...

String url = "https://securesite.com?user=xxx&password=yyy";
HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(url);
webRequest.set_ContentType("application/x-www-form-urlencoded");
webRequest.set_ContentLength(query.length());
webRequest.set_Method("POST");
StreamWriter sw = new StreamWriter(webRequest.GetRequestStream());
sw.Write(query.ToString());
sw.Close();

Under the circumstances mentioned, will this simple request produce a 128-
bit encrypted POST?

Is there no need to use System.Security.Cryptography.X509Certificates?

I just need to be clear on the level of encryption.

Any assistance is most appreciated!

Mike Cronin

-- 
Message posted via http://www.dotnetmonster.com

---

• Next message: idi_amin: "Re: How many .NET developers worldwide?"
• Previous message: idi_amin: "RE: 1,596 problems in .Net 1.1"
• In reply to: Nick Malik [Microsoft]: "Re: HttpWebRequest encryption?"
• Next in thread: Nick Malik [Microsoft]: "Re: HttpWebRequest encryption?"
• Reply: Nick Malik [Microsoft]: "Re: HttpWebRequest encryption?"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: HttpWebRequest encryption? ... server side. ... You do not need to use any encryption APIs. ... > If a 128-bit encrypted client sends an HTTPS POST request to a server that ... (microsoft.public.dotnet.general) [NT] Multiple Vulnerabilities in HP Web JetAdmin (Read, Write, Execute, Path Disclosure, Password De ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... HP Web JetAdmin is an enterprise management system for large amounts of HP ... The web server is a modular service ... HP Web JetAdmin uses it's own encryption. ... (Securiteam) Re: Advice needed on secure remote datacenter and secure communication ... fair bit of time working with windows server, ... as for VPN, ... Addressing your issue with PGP encryption on sensitive files, ... (alt.computer.security) Re: Proposal for Lite Encryption for Login Form without SSL ... the form uses javascript to hash the password ... This way the password is not sent to the server ... This would be the equivalent to a public key in public key encryption ... (comp.lang.php) Re: Socket Server with Encryption help ... Before the client ... Authentication protocols are fiercely difficult to get right. ... by Needham and Schroeder "Using encryption for authentication in large ... Client connects into Server and Server accepts the connection. ... (microsoft.public.dotnet.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)