IRC log for #friendlyjava, 2020-02-11

##friendlyjava on freenode

All times shown according to UTC.

Time S Nick Message
06:41 mr_lou joined ##friendlyjava
06:41 Jantz joined ##friendlyjava
10:35 kirua joined ##friendlyjava
12:13 Jantz joined ##friendlyjava
15:09 mr_lou I've made a small webserver for my BD-J stuff....  any advice on adding SSL to something like that, when traffic will also be via a standard IP address?
15:27 aditsu mr_lou: you mean like https://(ip address)?
15:56 mr_lou Yup
15:57 aditsu https://stackoverflow.com/questions/2043617/is-it-possible-to-have-ssl-certificate-for-ip-address-not-domain-name
16:03 mr_lou Yes I found that too actually.
16:04 mr_lou The next problem is that I don't know pre-hand what the IP address will be....
16:04 mr_lou I can in theory be anything.
16:05 mr_lou *It
16:10 aditsu is it dynamic?
16:17 mr_lou It's an administration interface for a display system. The IP will depend on the network it's installed in. So it'll always be different.
16:18 mr_lou I would still like to offer secure traffic though.
16:18 mr_lou So some sniffer can't just sniff the password.
16:19 aditsu do you have any control over the client side?
16:20 mr_lou What do you mean control? My server sends the HTML. That's about it.
16:20 aditsu that's a no then
16:22 aditsu well, then it's pretty much like a router, basically all the ones I've worked with come with a self-signed certificate that will give a warning when you connect
16:22 aditsu or perhaps with a certificate for a domain name that doesn't match the ip
16:37 mr_lou yea, that's true. It's basically the same as with office hardware too, like printers with a web interface.
16:37 aditsu yeah, same thing
16:38 mr_lou It is silly though, that users are warned about the certificates though.
16:39 aditsu well, the issue is the possibility of a MITM attack
16:40 aditsu https is designed to ensure both encryption and authentication of the server
16:40 aditsu at the same time
16:41 aditsu it would be nice if there was an "encryption-only" option for this kind of case
16:42 aditsu but even without encryption, you can avoid transmitting the plain password
16:43 aditsu do a salted hash on the client side and send that
16:44 Jantz joined ##friendlyjava
17:39 mr_lou aditsu, A salted hash wouldn't prevent someone sniffing the traffic, to simply send the same traffic.
17:40 aditsu a different salt would be sent by the server every time
17:41 mr_lou But can't that be sniffed too?
17:41 aditsu yes, but after the client sends the hash, it's useless
17:42 mr_lou Yes... I see that's how I have to do it.
17:42 mr_lou thanks.
18:58 Jantz_ joined ##friendlyjava
23:12 Jantz joined ##friendlyjava
