Re: Why are developers choosing to...

["Paul D. Robertson" <paul () compuwar net>]

On Fri, 20 Jan 2006, Behm, Jeffrey L. wrote:

> Why are developers choosing to write "web-based" code that runs some
> sort of encryption, typically SSL, across a non-standard port (say
> 10443) and then having those URLs blow up when they try to traverse the
> prudent company's perimeter security...You know..."deny all that is not
> explicitly allowed."

Combination of reasons...

> I am seeing more and more "websites" that use a URL such as
> http://register.at.my.site:10443. Why not just use the standard secure
> port 443 from the get go?  Is there something that makes SSL across
> 10443 innately more secure, or is this just the "security by obscurity"
> smoke-and-mirrors trick?
>
> Opinions?

More than likely a large number of sites are now being hosted on shared 
systems where port 443 is already snared by another site.  Combine that 
with the "I can test on a different port" and sprinkle on a little 
obscurity and some level of lesser threat (especially the "worms won't hit 
this" kind) and after you shake it all up, you kind of get what we have.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
http://fora.compuwar.net      Infosec discussion boards 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards