That is something we have been considering, but someone is going to
bring up the fact that passwords would be in the clear.
It would be an option to have some sort of encrypted authentication
'thing' over HTTP
No it is strictly for having users, on front ends authenticate so they
will only have access to their own data/objects
On 12/03/2015 07:11 PM, Jakob Bohm wrote:
Since the network is (as I understand it) physically secure
against wiretapping, how about using plain http with http auth?
Or are you trying to protect against TCP connection hijacks by
other computers/processes on the "secure" network?
On 04/12/2015 00:35, Ron Croonenberg wrote:
The network is isolated from the outside worl, BUT we still need
authentication because different users are using it.
So what I preferably want is sort of a set up where,
authentication is done the "standard way" and after that just use the
https connection without the overhead of actually encrypting anything.
(and the lesss modifications and recompiling the better)
thanks,
Ron
On 12/03/2015 02:50 PM, Richard Moore wrote:
On 2 December 2015 at 17:53, Ron Croonenberg <r...@lanl.gov
<mailto:r...@lanl.gov>> wrote:
So the idea is to use an object store on an isolated network and
push and get objects out of it using https.
âIf network is fully isolated you could use plain text. Using 'https'
and null encryption is basically just pretending to do security.
Enjoy
Jakob
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
