posted 11 years ago
I have a central admin instance of an app where judge accounts are created. In order to use this judge account, a judge instance of the app from another computer needs to authenticate with the central admin. A user instance of the app will send something to the admin, who will push it off to one of the judges.
The judges need to be able to login and authenticate with the admin. The main problem is that since every one will be on the same network and without SSL (I have no control over this) someone could sniff whatever the judge sends to the admin, and send that data himself and become authenticated as a judge.
If SSL is really the correct way to do this, then is there a way to use it without the end user having to manually do anything? I am using Socket based communication.