chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eberlein, Peter" <peter.eberl...@sap.com>
Subject Re: kCMISSessionAllowUntrustedSSLCertificate
Date Fri, 17 May 2013 17:08:30 GMT
There are certainly use cases for self-signed certificates (althoug no good ones from a security
perspective). But as I said, the Objective-CMIs lib perfectly supports these use cases in
the authentication provider, there is no need to extend the HTTPRequest classes by an additional
parameter. So the right place to implement such a feature is in an authentication provider
and if there is concern that developers might struggle doing so we could either provide sample
code for this or enhance the default provider (which I obviously would not prefer, but this
is still the better option as you can completely swap out this (dangerous) provider and get
back to a secure system).

How about that for a proposal?

Peter
Mime
View raw message