Cryptography Reference
In-Depth Information
Figure 7-4: IE8 Internet Options
Also ensure that your client doesn't request one of the Diffi e-Hellman key
exchange protocols; this server doesn't support those yet. This is addressed in
Chapter 8.
Avoiding Common Pitfalls When Adding HTTPS
Support to a Server
The server must pay closer attention to security than the client. If the client is
compromised, one user's data is exposed; if the server is compromised, many
users' data is at risk. The developer of the server code must be more careful
to guard against security hazards such as data left over in shared cache lines.
The topic of secure programming can, and does, span entire topics. If you're
developing code that will be deployed and used in a multi-user environment,
you must be aware of these dangers.
When RSA is used for key exchange, the private key is especially vulnerable
to attack. Ensuring that it's stored encrypted on disk using a solid, secure
encryption method such as PKCS #5 is a good start. However, the private key
itself must also necessarily be stored in memory, and you must take care to
ensure that other users of the shared system that the server runs on can't, for
example, force a core dump and then read the decrypted key at their leisure.
 
Search WWH ::




Custom Search