[isf-wifidog] HTTPs Ping
Mina Naguib
webmaster at topfx.com
Mar 10 Mai 12:50:44 EDT 2005
On 10-May-05, at 12:42 PM, Jkx wrote:
> Mina Naguib a écrit :
>
>>
>>
>> On 10-May-05, at 12:30 PM, Jkx wrote:
>>
>>> I'm wondering. The wifidog Aps seems to ping the central server on a
>>> not SSL port
>>> even if the rest is done via the SSLPort.
>>>
>>> Can somebody light me about this ? I wrote a custom auth server, and
>>> i don't want
>>> it to support both HTTP and HTTPS ..
>>>
>>>
>>> Thanks for any help ..
>>
>>
>> At this time the WiFiDog client does not interface with OpenSSL which
>> means it cannot speak SSL/TLS and therefore can not speak HTTPS.
>
>
> Could you explain ?
> You mean, the redirect is done to a HTTPS server, but the AP <->
> server is HTTP only that it ? So the central server need
> to be HTTP and HTTPS at the same time..
> so Ping and Auth are clear text .. This sound fine, except it imply
> some extra efforts ..
You got it. That's precisely how it works right now.
Although a minor correction... ping is in cleartext, but auth is not.
Auth happens between the web browser and the central server which is
encrypted. Successful authentication results in a token which is then
later passed as cleartext between the wifidog client and the server.
That means there's no way for someone to sniff user's usernames and
passwords without being able to decrypt the HTTPS transaction.
Plus d'informations sur la liste de diffusion WiFiDog