acmeattic-devel team mailing list archive

Thread
Date

Re: Components split up diagram

To: Aditya Manthramurthy <aditya.mmy@xxxxxxxxx>
From: Karthik Swaminathan Nagaraj <nkarthiks@xxxxxxxxx>
Date: Sun, 11 Jul 2010 11:44:58 -0400
Cc: acmeattic-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4C3984AC.2030108@gmail.com>

On Sun, Jul 11, 2010 at 4:45 AM, Aditya Manthramurthy
<aditya.mmy@xxxxxxxxx>wrote:

> On Saturday 10 July 2010 10:08 PM, Karthik Swaminathan Nagaraj wrote:
>
>> HTTPS [1] just provides HTTP over SSL (as simple as that). Its the
>> browser's responsibility to verify the certificates. Mozilla has put up a
>> list of certificates that it uses [2] (from popular Certificate
>> Authorities). If we initiate a connection using SSL, the client software
>> obtains the server's certificate and verifies it against one of these
>> certificates that our application would carry. (We do not have a browser in
>> this picture).
>> If our Server Core module were to listen on the HTTPS port (443), then its
>> actually hijacking a "well known" port for our application. This means that
>> the same machine cannot handle an HTTPS web server.
>> If you are referring to writing the server core module as a web
>> application, it sounds weird to write a non-www application as a web
>> application. Also, I am sure DropBox and SpiderOak do not use HTTPS for
>> client_app-server_app interaction.
>>
>>  I was saying that the server process could listen to the clients via the
> web server which will listen on 443. This makes sure that no special
> firewall considerations are needed in most networks. If a browser can
> connect to https sites, so can the acmeattic client. In fact, both dropbox
> and spideroak use https [1,2]. I agree that server verification should also
> be done by the client, but at least until we add that functionality, the web
> browser can do it (we just need to point it to the https base url of the
> server site).
>

OK then. If firewall is such an important issue, I shall agree.
Could someone give me an idea of how our server daemon would interact with a
HTTPS web server? Is it something like PHP where a script is called on
receipt of a HTTPS request? (I have no knowledge of Django or similar).


>
> [1]: https://www.dropbox.com/help/23
> [2]:
> https://spideroak.com/faq/are_there_any_special_firewall_settings_spideroak_needs
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~acmeattic-devel<https://launchpad.net/%7Eacmeattic-devel>
> Post to     : acmeattic-devel@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~acmeattic-devel<https://launchpad.net/%7Eacmeattic-devel>
> More help   : https://help.launchpad.net/ListHelp
>



-- 
Karthik

Follow ups

Re: Components split up diagram
From: Aditya Manthramurthy, 2010-07-11

References

Components split up diagram
From: Aditya Manthramurthy, 2010-07-07
Re: Components split up diagram
From: Karthik Swaminathan Nagaraj, 2010-07-09
Re: Components split up diagram
From: Aditya Manthramurthy, 2010-07-10
Re: Components split up diagram
From: Karthik Swaminathan Nagaraj, 2010-07-10
Re: Components split up diagram
From: Aditya Manthramurthy, 2010-07-11