Martin Baehr <[EMAIL PROTECTED]> writes:
> On Wed, Sep 18, 2002 at 08:42:08PM +0100, Andrew M. Bishop wrote:
> > This is really a security feature for system aministrators. Allowing
> > HTTPS tunneling to any port will mean that people can bypass WWWOFFLE
> > if it is used as a firewall to stop people getting out. All that
> > WWWOFFLE does for HTTPS is open a socket connection and pass data in
> > both directions. There is no checking on the contents or the URL
> > because they are encrypted.
>
> well shouldn't that also be possible with http?
> but then, wait,
> i was not successfull in streaming realvideo through wwwoffle,
> but it works with other proxies...
No, the HTTP protocol is well specified as to what can be sent in
either direction. The client (browser) can only send things that look
like HTTP requests (possibly with data in the body). The server can
only send back HTTP headers plus data.
With https tunneling the socket is opened in both directions
transparently and data can flow in both directions with no checking at
all on the content format.
--
Andrew.
----------------------------------------------------------------------
Andrew M. Bishop [EMAIL PROTECTED]
http://www.gedanken.demon.co.uk/
WWWOFFLE users page:
http://www.gedanken.demon.co.uk/wwwoffle/version-2.7/user.html
