HTTPS to validate user

Moderator: admin

Post Reply
gupta.v21
Posts: 17
Joined: Wed Jan 07, 2015 11:33 pm
Contact:

HTTPS to validate user

Post by gupta.v21 »

How can you use HTTPS response stream to validate user.

admin
Site Admin
Posts: 10036
Joined: Fri Sep 10, 2010 9:26 pm
Contact:

Re: HTTPS to validate user

Post by admin »

HTTPS uses a secure transport layer protocol that is based on exchange of certificates between the client and the server. It is therefore technically possible to make use of the client certificate to validate the user. However, mostly it is used for authenticating the server i.e. the browser makes uses of the server's certificate to validate the server.

HTH,
Paul.
If you like our products and services, please help us by posting your review here.

gupta.v21
Posts: 17
Joined: Wed Jan 07, 2015 11:33 pm
Contact:

Re: HTTPS to validate user

Post by gupta.v21 »

Yeah you are right but flow of certificates would be from client to server (i.e. request object). How a server can access Client's certificates with HTTPS response stream . which is answer saying .
"If a web application uses HTTPS, the HTTPS response stream may be used to identity the client."

admin
Site Admin
Posts: 10036
Joined: Fri Sep 10, 2010 9:26 pm
Contact:

Re: HTTPS to validate user

Post by admin »

Though not required for the exam, you need to read about SSL to understand this. SSL allows the client to authenticate itself to the server as well. Server can request client's certificates. It is a part of the client server handshake.
http://www.pierobon.org/ssl/ch2/detail.htm
If you like our products and services, please help us by posting your review here.

Post Reply

Who is online

Users browsing this forum: No registered users and 31 guests