
Author EAServer Redirect
Rian

2005-05-30, 7:24 am

- EAServer 4.2.2. (build 42211)

hi all,

i have a web application, its URL is:

http://<hostname>:8080/xProject/

if the users access this URL, how do i redirect it to, let's
say..

https://<hostname>:8090/xProject/

Carson Hager

2005-05-30, 7:24 am

You can let the server handle this within the web application configuration.
In the security tab of the web application, create a security constraint and
add all of the resources you want to lock down under ssl. Then select a
transport guarantee of integral or confidential. Integral locks down just
the authentication pages and confidential locks down all of the pages.
Before doing this, make sure you have an https listener set up. For more
info on this, see the EAServer docs.


Carson





Adam Simmonds

2005-06-05, 9:23 am

Carson Hager wrote:
> You can let the server handle this within the web application configuration.
> In the security tab of the web application, create a security constraint and
> add all of the resources you want to lock down under ssl. Then select a
> transport guarantee of integral or confidential. Integral locks down just
> the authentication pages and confidential locks down all of the pages.
> Before doing this, make sure you have an https listener set up. For more
> info on this, see the EAServer docs.


Hey dude
Can you clarify what you mean by "authentication pages"?
Cheers
a.




Carson Hager

2005-06-05, 1:23 pm

In the case of form auth, the page you specify as the logon page in the web
app properties as well as the internal "j_security_check" processing.


Carson


Adam Simmonds [TeamSybase]

2005-06-05, 8:24 pm

Carson Hager wrote:
> In the case of form auth, the page you specify as the logon page in the web
> app properties as well as the internal "j_security_check" processing.


Ahh okay. I tried what you said using CONFIDENTIAL and it works great. I
can lock down all the pages and force it to go to the HTTPS listener.
Thanks for the tip :)

Are you aware of any extra overhead using SSL? I imagine it would make
things a little slower than using plain HTTP but just wondering if it
puts extra strain on EAServer ( running as web server as well ).

a.



Carson Hager

2005-06-06, 3:24 am

There is, technically, work involved. It depends upon the encryption
strength more than anything. Your mileage may vary. :)


C




Adam Simmonds

2005-06-06, 7:24 am

Carson Hager wrote:
> There is, technically, work involved. It depends upon the encryption
> strength more than anything. Your mileage may vary. :)


Yeah I thought mileage may have been an issue.
So what's an acceptable level of encryption, 40, 64, 128?
a.



Carson Hager

2005-06-06, 8:25 pm

For most people, 40 is fine. For anything healthcare or financial, 128 is
normally required.


C


Jonathan Baker [Sybase]

2005-06-06, 8:25 pm

Do you want me to crack it on my home computer, or should it take
something a little more powerful? 40 is fine, as long as no one with a
few spare AMD processors wants in. 128 would keep out all but your most
serious professional (or amateur with a computer room to spare).


Jonathan



Dave Wolf

2005-06-06, 8:25 pm

Jonathan Baker [Sybase] wrote:
> Do you want me to crack it on my home computer, or should it take
> something a little more powerful? 40 is fine, as long as no one with a
> few spare AMD processors wants in. 128 would keep out all but your most
> serious professional (or amateur with a computer room to spare).
>
>
> Jonathan


Let's be fair. The RSA challenge cracked a 40bit key in 3.5hrs using 250
PCs. With a single PC that would say it would take at least 4 months
to sweep the whole keyspace.

Now that's only 40bits. If you extrapolate that performance over the
entire 128bit keyspace it ends up being somewhere just shy of an epoch.

I think that's OK for most people!

Dave Wolf
Cynergy Systems
http://www.cynergysystems.com

Adam Simmonds

2005-06-07, 3:24 am

Dave Wolf wrote:
> Let's be fair. The RSA challenge cracked a 40bit key in 3.5hrs using 250
> PCs. With a single PC that would say it would take at least 4 months
> to sweep the whole keyspace.
>
> Now that's only 40bits. If you extrapolate that performance over the
> entire 128bit keyspace it ends up being somewhere just shy of an epoch.
>
> I think that's OK for most people!


thanks guys, funny how an innocent question can draw you experts in <vbg>
a.

Jonathan Baker [Sybase]

2005-06-07, 1:24 pm

Dave, you're absolutely right. It took 250 machines at Berkeley 3.5
hours to crack the code. Um... one small detail, though... that was in
1997!

Integrating that little space time fact in to our thinking. Hm...
Moore's Law = 8 years, 1.5 years per double of power, that means we are
now running 32 times faster than 1997. A little math on my trusty DSP
machine says it would now take 7.8 machines 3.5 hours to accomplish the
same thing. Or, my two computers here could do it in 14 hours. Okay,
that's home based cracking.

Basically, in 1997 the RSA said that 40 bit keys were NOT okay for the
federal government (even though they said they were), and pushed towards
128 bit keys for thorough encryption. And, knowing how resourceful
software developers are, and how much they like challenges, I would
assume some are working on automated ways to push through 40 bit keys.
Think about it - how many local machines are infected with a virus that
keeps pinging your routers. Now imagine a hacker club harnessing a few
hundred of those machines on your key. Just for the heck of it, of
course. So, I would take the safe side of that bet.

Just a few thoughts.


Jonathan






Dave Wolf

2005-06-07, 8:24 pm

Jonathan Baker [Sybase] wrote:
> Dave, you're absolutely right. It took 250 machines at Berkeley 3.5
> hours to crack the code. Um... one small detail, though... that was in
> 1997!
>
> Integrating that little space time fact in to our thinking. Hm...
> Moore's Law = 8 years, 1.5 years per double of power, that means we are
> now running 32 times faster than 1997. A little math on my trusty DSP
> machine says it would now take 7.8 machines 3.5 hours to accomplish the
> same thing. Or, my two computers here could do it in 14 hours. Okay,
> that's home based cracking.
>
> Basically, in 1997 the RSA said that 40 bit keys were NOT okay for the
> federal government (even though they said they were), and pushed towards
> 128 bit keys for thorough encryption. And, knowing how resourceful
> software developers are, and how much they like challenges, I would
> assume some are working on automated ways to push through 40 bit keys.
> Think about it - how many local machines are infected with a virus that
> keeps pinging your routers. Now imagine a hacker club harnessing a few
> hundred of those machines on your key. Just for the heck of it, of
> course. So, I would take the safe side of that bet.
>
> Just a few thoughts.
>
>
> Jonathan
>
>
>


I'm not professing the use of 40bit keys, just the hyperbole that one
AMT and 2 hours could do it :)

That said, the real trick is which math major will figure out how to
short circuit factoring a polynomial. First Out Inner Last (it's like
being in grade school again). It's bound to happen.

Did you notice someone found collisions in the MD5 algorithm.... Give um
time, they'll short circuit the polynomials.

Elliptical curves... yeah that's it ;)

Dave Wolf
Cynergy Systems
http://www.cynergysystems.com