httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Dewhirst <mi...@dewhirst.com.au>
Subject Re: [users@httpd] Internet Web Server/Client Guru needed!!
Date Thu, 24 Nov 2005 02:36:10 GMT
bruce wrote:
> Hi...

Try Ivan Ristic's Apache Security published by O'Reilly. Ivan says on 
page 82 that SSL with both server and client authentication is the only 
solution to MITM attacks.

I would start with his book then seek out a guru. I'd know much better 
what to ask. I think Apache Security is brilliant.

Good luck

Mike

> 
> I'm working on a project, and need to know if there's anyone who's a guru
> with Web Server/Client interactions. Basically, I'm trying to get a much
> better/deeper understanding of the HTTP protocols defining the information
> that is sent/transfered between the web server/client browser apps.
> 
> I'm also interested in understanding what the various information is that
> gets transfered between the apps, as well as understanding what information
> can be spoofed/altered on the client side, as it goes back to the server.
> 
> I know about the querystring information (post/get/request/etc...). I'm more
> interested in the information that can be sent/viewed behind the scenes like
> header, ip addresses, mac addresses, machine IDs, etc... I'm also trying to
> understand just how much information can be seen by the web srever, from the
> browser/client app. At the same time, I'm curious as to just what the web
> server can get from the client app. All of this applies to me trying to get
> a better understanding of 'man in the middle attacks' as they apply to
> server/browser communications.
> 
> Searching google isn't getting me what i really want!!
> 
> So, if you have the skills/expertise in this area, and you're willing to
> talk to me for a few minutes, I'd appreciate it. As stated, the underlying
> reason for the questions is to get a better understanding of 'man in the
> middle attacks' as this applies to web server apps.
> 
> Thanks
> 
> bruce
> bedouglas@earthlink.net
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message