Menu
▾
▴
Re: [Htmlunit-user] How secure is to send data via htmlunit
|
From: Ahmed A. <asa...@ya...> - 2014-05-29 09:53:16
|
Hi Ashutosh, - You first need to make sure HtmlUnit actually uses HTTPS (by seeing its logs, or even sniffing the traffic by outside programs like WireShark). - The next question is: is SSL secure enough? And this is not HtmlUnit-specific question, but rather a general browser one. There is a way to use interception proxy (but you could be able to detect that, by looking into your trusted local certificates), e.g. [1] Hope that helps, Ahmed [1] http://www.zdnet.com/how-the-nsa-and-your-boss-can-intercept-and-break-ssl-7000016573/ ________________________________ From: Ashutosh Sharma <ash...@gm...> To: htm...@li... Sent: Wednesday, May 28, 2014 9:42 PM Subject: [Htmlunit-user] How secure is to send data via htmlunit I am using htmlunit for setting up data into the user's profile at one of the website. In my code: webClient.getOptions().setUseInsecureSSL(false); And also using the certificate from the provider like this: System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\OracleJDK16_30b64\\jre\\lib\\security\\cacerts"); System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); //setup certURL webClient.getOptions().setSSLClientCertificate(certURL, "changeit", "JKS");//"jks" or "pkcs12". I just want one way authentication when i am sending the data to setup in the user's profile.So from my webserver to the target site - the data that is being tranversed is sage. How secure is this approach? Can Man in the middle and eavesdropping kind of attack can happen enroute? I dont want the user profile related data that is submitted from my application to be compromised. I am trying to find that out. I am going to use this behind the company's firewall I am using htmlunit-2.14 with JDK1.6.x I tried http post kind of approach: URL url1 = new URL("some url"); WebRequest request1 = new WebRequest(url1,HttpMethod.POST); HtmlPage pageTwo = webClient.getPage(request1); But this code(HTTP POST) doesn't work with the target website where we need to setup the CC. Any suggestions or pointers? Thanks in advance. -- With best Regards: Ashutosh Sharma |
