0 Replies Latest reply on Jan 21, 2008 10:22 AM by dmlloyd

    HTTP transport and security

    dmlloyd

      For the purposes of securing the Remoting 3 HTTP transport, I intend to rely on HTTPS and standard HTTP authentication mechanisms to provide the authentication and encryption for the transport.

      Another possibility would be to use a SASL layer nested inside of the HTTP request body. However, because the user-provided message headers would not be encrypted if this option were followed, I opted against it. In addition, it makes more sense to me to reuse existing mechanisms rather than invent new ones.

      Any comments?