HTTPS to validate user
Moderator: admin
-
- Posts: 17
- Joined: Wed Jan 07, 2015 11:33 pm
- Contact:
HTTPS to validate user
How can you use HTTPS response stream to validate user.
-
- Site Admin
- Posts: 10065
- Joined: Fri Sep 10, 2010 9:26 pm
- Contact:
Re: HTTPS to validate user
HTTPS uses a secure transport layer protocol that is based on exchange of certificates between the client and the server. It is therefore technically possible to make use of the client certificate to validate the user. However, mostly it is used for authenticating the server i.e. the browser makes uses of the server's certificate to validate the server.
HTH,
Paul.
HTH,
Paul.
If you like our products and services, please help us by posting your review here.
-
- Posts: 17
- Joined: Wed Jan 07, 2015 11:33 pm
- Contact:
Re: HTTPS to validate user
Yeah you are right but flow of certificates would be from client to server (i.e. request object). How a server can access Client's certificates with HTTPS response stream . which is answer saying .
"If a web application uses HTTPS, the HTTPS response stream may be used to identity the client."
"If a web application uses HTTPS, the HTTPS response stream may be used to identity the client."
-
- Site Admin
- Posts: 10065
- Joined: Fri Sep 10, 2010 9:26 pm
- Contact:
Re: HTTPS to validate user
Though not required for the exam, you need to read about SSL to understand this. SSL allows the client to authenticate itself to the server as well. Server can request client's certificates. It is a part of the client server handshake.
http://www.pierobon.org/ssl/ch2/detail.htm
http://www.pierobon.org/ssl/ch2/detail.htm
If you like our products and services, please help us by posting your review here.
Who is online
Users browsing this forum: No registered users and 141 guests