[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev success story: communicating using https with proxy - only
|
From: |
David Woolley |
|
Subject: |
Re: lynx-dev success story: communicating using https with proxy - only lynx |
|
Date: |
Fri, 12 Apr 2002 22:25:09 +0100 (BST) |
> Just curious - anybody knows why all other browsers suck that much in this
> respect?
If I understand you correctly, because they follow good security practice
whereas Lynx doesn't treat https specially because at one time it wasn't
allowed to have encryption hooks and couldn't include the patented code.
I would consider it a bug. I would suggest it be disabled now as
it encourages the unsafe transmission of clear text sensitive data
outside the origin machine.
IE and (I think) Mozilla, both handle proxying of https and do so safely.
The squid proxy supports them to any depth of proxy and the CERN proxy
supports it to one level. The way they do it is to use a special HTTP
method, CONNECT, which is given a host and port number and the end proxy
then sets up a TCP connection to that address and operates an application
level relay back up the chain. Properly configured proxies do not let
through arbitrary port numbers!
I'm pretty sure, therefore, that the overall result here is that
Lynx is broken by not supporting CONNECT, or maybe the https patches
for it include CONNECT support.
; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden