in reply to Re: Encryption between Java and Perl
in thread Encryption between Java and Perl

I ended up using an MD5 hash of a 'nonce' plus a key to authenticate my client(s). This prevents random passers-by from calling my SOAP functions. Still working on incorporating SSL into the mix.
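The nonce-plus-key digest exchange from the post above, as an added example that is not the poster's code. The nonce-then-key concatenation order, hex encoding, server-issued single-use nonces, the 60-second lifetime and all names are assumptions; the HMAC-SHA256 variant is shown beside the MD5 construction for comparison and is not something the post mentions.

```perl
#!/usr/bin/perl
# Added example: nonce + shared-key challenge/response, both sides in one file.
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);
use Digest::SHA qw(hmac_sha256_hex);

my $SHARED_KEY = 'constructed-demo-key';   # constructed sample value
my %outstanding;                           # nonce => time issued, not yet used

# Server: issue a fresh random nonce and remember it (assumes /dev/urandom).
sub issue_nonce {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $raw, 16) == 16 or die "short read from urandom";
    close $fh;
    my $nonce = unpack 'H*', $raw;
    $outstanding{$nonce} = time;
    return $nonce;
}

# Client: the construction from the post (assumed order: nonce, then key).
sub md5_response  { my ($nonce, $key) = @_; return md5_hex($nonce . $key) }
# Client: keyed-MAC variant of the same exchange.
sub hmac_response { my ($nonce, $key) = @_; return hmac_sha256_hex($nonce, $key) }

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Server: accept only a nonce it issued, only once, and only while fresh.
sub verify {
    my ($nonce, $response, $digest, $max_age) = @_;
    my $issued = delete $outstanding{$nonce};   # single use: a replay finds nothing
    return 0 unless defined $issued && time - $issued <= ($max_age // 60);
    return ct_eq($response, $digest->($nonce, $SHARED_KEY)) ? 1 : 0;
}

for my $digest (\&md5_response, \&hmac_response) {
    my $nonce = issue_nonce();
    my $resp  = $digest->($nonce, $SHARED_KEY);
    print "first use: ", verify($nonce, $resp, $digest), "\n";
    print "replay:    ", verify($nonce, $resp, $digest), "\n";
    my $n2 = issue_nonce();
    print "wrong key: ", verify($n2, $digest->($n2, 'guess'), $digest), "\n";
}
```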

Re^3: Encryption between Java and Perl
by erroneousBollock (Curate) on Aug 16, 2007 at 05:56 UTC
    If it's feasible for you, I've found SSL peer certificate-based authentication to be a good solution.

    I guess you can add all sorts of other authentication over the top of that (e.g. passwords, session tokens, etc.), but no passer-by is really going to be able to get past the SSL request authentication stage.

    I use openssl + a Perl script to generate my client certificates... the attributes are formatted so that they're both human-readable (by the customer's web browser) and so that they contain a (secret) ID which my code can look up in the database.

    -David