Martin Baehr <[EMAIL PROTECTED]> writes:

> On Wed, Sep 25, 2002 at 05:25:03PM +0100, Andrew M. Bishop wrote:
> > No, the HTTP protocol is well specified as to what can be sent in
> > either direction.  The client (browser) can only send things that look
> > like HTTP requests (possibly with data in the body).  The server can
> > only send back HTTP headers plus data.
> 
> yes, but the data can be anything again,
> and you can't really check on that.

Imagine that you are trying to telnet out of a company that uses a
firewall proxy and you want to use HTTP.  Since this is something that
you planned to do in advance you have written the client/server
software.  The client sends fake HTTP requests with the key presses in
the request body.  The server ignores the request and sends back any
data that is pending in the reply body.

So what the client does is to convert every key press into an HTTP
request and send it.  Then to get the result back you need to keep
sending HTTP requests in case the server has anything to send.  Since
the server cannot send data without being requested you need to keep
polling it.


Compare this to HTTPS tunneling.  In this case you say to the proxy
firewall

CONNECT my.server:23

then you use the same socket to send telnet data in both directions.
You don't need to poll the server to see if it has any responses.  You
don't need a modified telnet server.  You only need to modify the
telnet client to send a few extra characters at the start of the
session.


Using HTTPS is much simpler and bidirectional by design.  Using HTTP
is possible, but needs specialised servers.

-- 
Andrew.
----------------------------------------------------------------------
Andrew M. Bishop                             [EMAIL PROTECTED]
                                      http://www.gedanken.demon.co.uk/

WWWOFFLE users page:
        http://www.gedanken.demon.co.uk/wwwoffle/version-2.7/user.html
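
Seen from the proxy operator's side, the two approaches described in this message leave different traces in an access log: a CONNECT to a non-HTTPS port such as my.server:23, or a client repeatedly polling one host with tiny request bodies. The Python below is an added example, not part of the original message; the log format, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed log format (constructed): "<epoch> <client> <METHOD> <target> <body-bytes>"
ALLOWED_CONNECT_PORTS = {443}   # assumed policy: CONNECT only for HTTPS
POLL_MIN_REQUESTS = 20          # assumed threshold: this many requests to one host...
POLL_WINDOW_SECONDS = 10        # ...inside this many seconds
POLL_MAX_BODY = 64              # small bodies, e.g. a few key presses

def parse(line):
    ts, client, method, target, size = line.split()
    return float(ts), client, method, target, int(size)

def connect_violations(lines):
    """CONNECT requests whose port is missing or outside the allowed set."""
    hits = []
    for _, client, method, target, _ in map(parse, lines):
        if method == "CONNECT":
            port = target.rpartition(":")[2]
            if not (port.isdigit() and int(port) in ALLOWED_CONNECT_PORTS):
                hits.append((client, target))
    return hits

def polling_clients(lines):
    """(client, host) pairs with many small POSTs in a short sliding window."""
    times = defaultdict(list)
    for ts, client, method, target, size in map(parse, lines):
        if method == "POST" and size <= POLL_MAX_BODY:
            times[(client, urlsplit(target).hostname)].append(ts)
    flagged = set()
    for key, stamps in times.items():
        stamps.sort()
        lo = 0
        for hi, t in enumerate(stamps):
            while t - stamps[lo] > POLL_WINDOW_SECONDS:
                lo += 1   # slide the window start forward
            if hi - lo + 1 >= POLL_MIN_REQUESTS:
                flagged.add(key)
                break
    return flagged

# Constructed sample log: one normal CONNECT, one to port 23, one polling
# client (25 POSTs, 0.4 s apart) and one ordinary form-submitting client.
SAMPLE = (
    ["1000.0 10.0.0.5 CONNECT shop.example:443 0",
     "1001.0 10.0.0.7 CONNECT my.server:23 0"]
    + [f"{2000 + i * 0.4:.1f} 10.0.0.9 POST http://relay.example/in 3" for i in range(25)]
    + [f"{3000 + i * 30:.1f} 10.0.0.5 POST http://forms.example/submit 40" for i in range(5)]
)
print(connect_violations(SAMPLE), polling_clients(SAMPLE))
```

The polling thresholds need tuning against normal traffic, since some legitimate web applications also poll frequently with small requests.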
