On Monday 28 Apr 2008, valdhor wrote:
> We use SSL Encryption of the username and password as well as the data
> going over the wire.

Uh huh.

> Are you saying that it is trivial for someone to find out the source
> and destination of the encrypted SSL stream, grab this data off the
> wire and decrypt it?

I'm saying I can, and have, used WebScarab (for instance) as an SSL proxy, and 
been able to see the plain text of both request and response.
It's a free Java tool, and I've personally had it work on both WinXP and SuSE 
Linux.

-- 
Tom Chiverton
Helping to dynamically reinvent frictionless e-commerce
on: http://thefalken.livejournal.com

****************************************************

This email is sent for and on behalf of Halliwells LLP.

Halliwells LLP is a limited liability partnership registered in England and 
Wales under registered number OC307980 whose registered office address is at 
Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB.  A list 
of members is available for inspection at the registered office. Any reference 
to a partner in relation to Halliwells LLP means a member of Halliwells LLP.  
Regulated by The Solicitors Regulation Authority.

CONFIDENTIALITY

This email is intended only for the use of the addressee named above and may be 
confidential or legally privileged.  If you are not the addressee you must not 
read it and must not use any information contained in nor copy it nor inform 
any person other than Halliwells LLP or the addressee of its existence or 
contents.  If you have received this email in error please delete it and notify 
Halliwells LLP IT Department on 0870 365 2500.

For more information about Halliwells LLP visit www.halliwells.com.

------------------------------------

--
Flexcoders Mailing List
FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.comYahoo! 
Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/flexcoders/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/flexcoders/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:[EMAIL PROTECTED] 
    mailto:[EMAIL PROTECTED]

<*> To unsubscribe from this group, send an email to:
    [EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

Reply via email to