Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Http AES Content-Encoding Headers

 
Craig Taylor
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm currently in the process of implementing AES encryption for a library module -- the requirements are for encryption but not client authentication (hence no needs for HTTPs).

Is there a standard for encryption over HTTP via perhaps the content-encoding? If so, where / how? Otherwise I'm considering making my own content encoding, eg: AESGZIP and calling it a day.

Thanks,
 
Eric Pascarello
author
Rancher
Posts: 15385
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well if you want to do it in JavaScript, remember that any man in the middle attack can read the key that is in plain text if it is sent down with the html page. Only real secure way is https.

Eric
 
Craig Taylor
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'll be doing it in Java on both the client and server side - no javascript.

In short, I just want to encrypt the data - Both the client and server are controlled by me - I just want to ensure the data is secure across the network and I'm not able to deposit HTTPs keys on the hosts (cost, multiple transport points etc).
 
Eric Pascarello
author
Rancher
Posts: 15385
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So you are running an applet on the clientside than?

Eric
 
Craig Taylor
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No - I've got an application listening on a port handling HTTP incoming requests - not using Tomcat / Apache at all.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic