Hello,
I noticed in Wireshark that the traffic that goes to the cloud service is using HTTP only. The header contains the authorization field with the Base64 encoded copy of the API secret. Is there anyway to configure the client to communicate through HTTPS?
Thanks,
Clement
Edit: sorry I typed it in a haste, fixed some mistakes. But I am concerned about the security of this traffic even though it is server to server. I just need to know whether or not SSL can be enforced or if the current client can communicate via HTTPS. Thanks.
Configuration for Cloud Service
Re: Configuration for Cloud Service
Hi Clement,
During the design of the WURFL Cloud Service we made the decision not to support SSL connections due to the fact that SSL negotiation/handshaking significantly increases latency for a limited benefit. Our feeling is that the risk of providing the API credentials in clear text is worth the benefit of the decreased latency. Is there a reason why you are particularly concerned about the API key?
During the design of the WURFL Cloud Service we made the decision not to support SSL connections due to the fact that SSL negotiation/handshaking significantly increases latency for a limited benefit. Our feeling is that the risk of providing the API credentials in clear text is worth the benefit of the decreased latency. Is there a reason why you are particularly concerned about the API key?
Thanks,
Steve Kamerman
ScientiaMobile
Make sure you check out our WURFL Cloud, WURFL InSight and WURFL InFuze products!
Steve Kamerman
ScientiaMobile
Make sure you check out our WURFL Cloud, WURFL InSight and WURFL InFuze products!
Re: Configuration for Cloud Service
It is just a general security concern. I suppose it is fine given that the communication is between server to server. It was just something that caught my eye.
Thanks for the prompt response.
Clement
Thanks for the prompt response.
Clement
Re: Configuration for Cloud Service
I can certainly understand your concern. Currently you cannot enforce an SSL connection. In any case, we would likely use a pre-shared key / hashing mechanism to secure the credentials in transit instead of SSL due to the aforementioned latency issues with the SSL handshake.
Thanks,
Steve Kamerman
ScientiaMobile
Make sure you check out our WURFL Cloud, WURFL InSight and WURFL InFuze products!
Steve Kamerman
ScientiaMobile
Make sure you check out our WURFL Cloud, WURFL InSight and WURFL InFuze products!
Re: Configuration for Cloud Service
It looks like the only practical solution is to compile our client with a different version of the JSON DLL. Can you send us the Newtonsoft.Json.dll that your CMS is using to support@[our domain name], or tell me how to obtain that DLL, so we can figure out how to proceed?
Who is online
Users browsing this forum: No registered users and 66 guests