Encrypted connection

Discussion in 'Perl Misc' started by Jens Thoms Toerring, May 17, 2012.

  1. Hi,

    I'm in the planning stage of writing a server-client
    application for which I need good encryption of all data
    exchanged between the server and client. While the client-
    server part as such doesn't pose a major problem I don't
    have much experience with encrypting a connection. I have
    done quite a bit of reading and checking what's available
    on CPAN, but I haven't yet a good idea about the best way
    to do it. Some packages seem to only cover the client side,
    others have rather mixed reviews etc. I guess several people
    here have been doing this kind of stuff for years and
    years and I would be really grateful for all pointers and
    recommendations.
    Thanks and best regards, Jens
    --
    \ Jens Thoms Toerring ___
    \__________________________ http://toerring.de
    Jens Thoms Toerring, May 17, 2012
    #1

  2. Jens Thoms Toerring

    Tim Watts Guest

    Ben Morrow wrote:

    > Quoth Eli the Bearded <*@eli.users.panix.com>:
    >> In comp.lang.perl.misc, Jens Thoms Toerring <> wrote:
    >> > I'm in the planning stage of writing a server-client
    >> > application for which I need good encryption of all data
    >> > exchanged between the server and client. While the client-
    >> > server part as such doesn't pose a major problem I don't
    >> > have much experience with encrypting a connection.
    >>
    >> Net::SSLeay
    >
    > That's a good answer, but it's probably easier to use IO::Socket::SSL,
    > which is a layer over Net::SSLeay that looks (almost) just like
    > IO::Socket::INET. Remember to be careful about verifying the server
    > certificate, and the client cert if you use one. You don't necessarily
    > need certs from a public CA: using a private self-signed CA is fine, but
    > you do need to check the certificate has been properly signed by the
    > right CA.
    >
    > Sensible alternatives include ssh, Kerberos, and using HTTPS with a web
    > server to handle the server-side encryption.
    >
    > Ben


    And to the OP - don't discount the possibility of hooking IO through an
    external tool, eg:

    stunnel or socat or a real ssh client. A variation on this trick is to rig
    stunnel/socat (and inetd) to deal with the SSL connection and present an
    unencrypted net socket (or unix domain socket) on the loopback address to
    which the local client or server will connect.

    It's not as neat as having the client/server program deal with it - OTOH it
    may be simpler and often, simpler lessens problems that lead to security
    issues.

    Cheers,

    Tim
    --
    Tim Watts
    Tim Watts, May 18, 2012
    #2
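
The advice quoted in the post above (IO::Socket::SSL with the server certificate checked against a private CA), as an added example that is not code from anyone in this thread. The file names, host name and port are placeholder assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::SSL;    # exports SSL_VERIFY_PEER and $SSL_ERROR

# Assumptions (placeholders, not from the thread): ca.pem is the private
# CA's certificate; server-cert.pem and server-key.pem were issued by that
# CA for the host name below.
my $ca_file     = 'ca.pem';
my $server_name = 'server.example.internal';
my $port        = 8443;

# Server side: present the CA-issued certificate. Create the listener
# before forking so the client cannot connect too early.
my $listener = IO::Socket::SSL->new(
    LocalAddr     => '127.0.0.1',
    LocalPort     => $port,
    Listen        => 5,
    ReuseAddr     => 1,
    SSL_cert_file => 'server-cert.pem',
    SSL_key_file  => 'server-key.pem',
) or die "listen failed: $! $SSL_ERROR";

my $pid = fork();
die "fork failed: $!" unless defined $pid;
if ($pid == 0) {    # child: serve one connection, then exit
    my $conn = $listener->accept or die "accept failed: $SSL_ERROR";
    print {$conn} "hello over TLS\n";
    $conn->close;
    exit 0;
}

# Client side: trust only the private CA and require that the certificate
# chains to it and carries the expected name. Without these checks the
# link is encrypted but the peer is unauthenticated.
my $client = IO::Socket::SSL->new(
    PeerAddr            => '127.0.0.1',
    PeerPort            => $port,
    SSL_ca_file         => $ca_file,
    SSL_verify_mode     => SSL_VERIFY_PEER,
    SSL_verifycn_scheme => 'default',
    SSL_verifycn_name   => $server_name,
    SSL_hostname        => $server_name,    # SNI
) or die "handshake or verification failed: $SSL_ERROR";

print "server says: ", scalar <$client>;
$client->close;
waitpid $pid, 0;
```

Pointing `SSL_ca_file` at a different CA, or changing `$server_name` to a name the certificate does not carry, makes the client constructor return undef with the reason in `$SSL_ERROR`.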

  3. Hi,

    thank you very much to all of you - I guess I have now
    a better idea where to look first and how to get started!

    Best regards, Jens
    --
    \ Jens Thoms Toerring ___
    \__________________________ http://toerring.de
    Jens Thoms Toerring, May 20, 2012
    #3
