
HTTPS to validate user

Posted: Thu Jan 07, 2016 2:08 pm
by gupta.v21
How can you use the HTTPS response stream to validate a user?

Re: HTTPS to validate user

Posted: Thu Jan 07, 2016 8:41 pm
by admin
HTTPS uses a secure transport layer protocol that is based on the exchange of certificates between the client and the server. It is therefore technically possible to make use of the client certificate to validate the user. However, mostly it is used for authenticating the server, i.e. the browser makes use of the server's certificate to validate the server.

HTH,
Paul.

Re: HTTPS to validate user

Posted: Fri Jan 08, 2016 2:59 pm
by gupta.v21
Yeah, you are right, but the flow of certificates would be from client to server (i.e. the request object). How can a server access the client's certificates with the HTTPS response stream, which is what the answer is saying?
"If a web application uses HTTPS, the HTTPS response stream may be used to identify the client."

Re: HTTPS to validate user

Posted: Fri Jan 08, 2016 5:12 pm
by admin
Though not required for the exam, you need to read about SSL to understand this. SSL allows the client to authenticate itself to the server as well. The server can request the client's certificates. It is a part of the client-server handshake.
http://www.pierobon.org/ssl/ch2/detail.htm