| Time |
S |
Nick |
Message |
| 00:06 |
|
|
lemur joined #rest |
| 00:12 |
|
|
lemur joined #rest |
| 00:14 |
|
|
begriffs joined #rest |
| 00:21 |
|
|
lemur joined #rest |
| 00:47 |
|
|
lemur joined #rest |
| 01:06 |
|
|
lemur joined #rest |
| 01:12 |
|
|
lemur joined #rest |
| 01:34 |
|
|
shrink0r joined #rest |
| 01:42 |
|
|
lemur joined #rest |
| 01:49 |
|
|
DrCode joined #rest |
| 01:52 |
|
|
lemur joined #rest |
| 02:02 |
|
|
lemur joined #rest |
| 02:18 |
|
|
shrink0r_ joined #rest |
| 02:21 |
|
|
lemur joined #rest |
| 02:22 |
|
|
shrink0r joined #rest |
| 02:24 |
|
|
lemur joined #rest |
| 02:48 |
|
|
marcoslamuria joined #rest |
| 03:00 |
|
|
shrink0r_ joined #rest |
| 03:02 |
|
|
shrink0r joined #rest |
| 03:03 |
|
|
shrink0r_ joined #rest |
| 03:16 |
|
|
begriffs joined #rest |
| 03:57 |
|
|
systmkor joined #rest |
| 04:12 |
|
|
systmkor2 joined #rest |
| 04:20 |
|
|
shrink0r joined #rest |
| 04:22 |
|
|
shrink0r_ joined #rest |
| 04:25 |
|
|
systmkor3 joined #rest |
| 04:31 |
|
|
systmkor1 joined #rest |
| 04:51 |
|
|
shrink0r joined #rest |
| 04:52 |
|
|
systmkor2 joined #rest |
| 05:07 |
|
|
shrink0r_ joined #rest |
| 05:08 |
|
|
shrink0r joined #rest |
| 05:19 |
|
|
shrink0r_ joined #rest |
| 05:21 |
|
|
shrink0r joined #rest |
| 06:46 |
|
|
begriffs joined #rest |
| 06:57 |
|
|
DrCode joined #rest |
| 07:24 |
|
|
_ollie joined #rest |
| 07:41 |
|
|
shrink0r joined #rest |
| 08:13 |
|
|
systmkor joined #rest |
| 09:12 |
|
|
systmkor1 joined #rest |
| 09:26 |
|
|
Merlijn_ joined #rest |
| 09:28 |
|
|
systmkor2 joined #rest |
| 09:30 |
|
|
shrink0r joined #rest |
| 09:52 |
|
|
interop_madness joined #rest |
| 10:01 |
|
|
martinfilliau joined #rest |
| 10:02 |
|
|
quimrstorres joined #rest |
| 10:27 |
|
|
derka joined #rest |
| 10:29 |
|
|
quimrstorres joined #rest |
| 10:33 |
|
|
Left_Turn joined #rest |
| 10:39 |
|
|
fumanchu joined #rest |
| 11:19 |
|
|
shrink0r joined #rest |
| 11:28 |
|
|
derka_ joined #rest |
| 11:29 |
|
|
quimrstorres joined #rest |
| 12:25 |
|
|
Left_Turn joined #rest |
| 12:33 |
|
|
lemur joined #rest |
| 12:37 |
|
|
_ollie joined #rest |
| 13:03 |
|
|
aGHz joined #rest |
| 13:04 |
|
|
quimrstorres joined #rest |
| 13:08 |
|
|
shrink0r joined #rest |
| 13:28 |
|
|
lemur joined #rest |
| 13:33 |
|
|
shrink0r joined #rest |
| 13:44 |
|
|
Schrodinger`sCat joined #rest |
| 13:48 |
|
|
shrink0r joined #rest |
| 14:05 |
|
|
_ollie joined #rest |
| 14:12 |
|
|
nkoza joined #rest |
| 14:28 |
|
|
quimrstorres joined #rest |
| 16:01 |
|
|
shrink0r joined #rest |
| 16:02 |
|
|
guzzlefry joined #rest |
| 16:37 |
|
|
begriffs joined #rest |
| 16:44 |
|
|
guzzlefry joined #rest |
| 16:53 |
|
|
lemur joined #rest |
| 17:01 |
|
|
Crippy joined #rest |
| 17:50 |
|
|
shrink0r joined #rest |
| 18:26 |
|
|
prisonerZer0 joined #rest |
| 18:41 |
|
|
adaro joined #rest |
| 18:41 |
|
adaro |
ka |
| 18:45 |
|
whartung |
la |
| 18:46 |
|
whartung |
Ok REST cogniescenti, speaking of nothing in particular. Convince me why HTTP BASIC over SSL is inadequate for service security. |
| 18:53 |
|
adaro |
its not |
| 18:53 |
|
fumanchu |
its ugly to users |
| 18:53 |
|
fumanchu |
it's* |
| 18:53 |
|
adaro |
or well it depends on the requirements |
| 18:53 |
|
whartung |
what does this have to do with users? |
| 18:54 |
|
fumanchu |
</sarcasm> that's the only "inadequate" argument I've ever come across ;) |
| 18:55 |
|
whartung |
what, no desk pounding about SSL vulnerabilitles and NSA middle men? |
| 18:56 |
|
fumanchu |
I assumed "Basic over SSL" could include TLS |
| 18:56 |
|
whartung |
SSL == TLS, they just changed the name |
| 18:57 |
|
adaro |
I mean if you are a bank you might want something stronger |
| 18:57 |
|
whartung |
because you don't trust TLS? |
| 18:57 |
|
adaro |
but for 99% of the usecases basic auth + ssl should be good enough |
| 19:14 |
|
|
prisonerZer0 joined #rest |
| 19:16 |
|
|
_ollie joined #rest |
| 19:19 |
|
|
bigbluehat joined #rest |
| 19:19 |
|
|
_ollie joined #rest |
| 19:34 |
|
|
shrink0r joined #rest |
| 19:46 |
|
|
systmkor3 joined #rest |
| 19:47 |
|
pdurbin |
whartung: what are you sending over HTTP Basic? usernames and passwords? or API tokens? |
| 19:49 |
|
|
systmkor4 joined #rest |
| 19:54 |
|
|
shrink0r_ joined #rest |
| 19:55 |
|
|
shrink0r joined #rest |
| 20:07 |
|
|
shrink0r_ joined #rest |
| 20:08 |
|
|
shrink0r joined #rest |
| 20:32 |
|
aGHz |
pdurbin: HTTP Basic sends username and password (base64-encoded) |
| 20:33 |
|
aGHz |
whartung: because most client implementors will choose to ignore CA errors, thereby negating the security of TLS in the case of MITM |
| 21:14 |
|
|
marcoslamuria joined #rest |
| 21:24 |
|
|
shrink0r_ joined #rest |
| 21:43 |
|
pdurbin |
aGHz: sure, but you could send a token for the username |
| 21:48 |
|
whartung |
but that was the entire crux of my question. You look at something like what AWS does, and the complexity of the signature, etc. and wonder "but, if this is over HTTPS, does this really gain anything substantial?" |
| 21:49 |
|
whartung |
since the market is driving towards "pure" HTTPS, is BASIC adequate. |
| 23:56 |
|
|
begriffs joined #rest |
