Re: Why are developers choosing to...

[mlh <mlh () zip com au>]

On Fri, Jan 20, 2006 at 11:34:05AM -0600, Behm, Jeffrey L. wrote:
> Why are developers choosing to write "web-based" code that runs some
> sort of encryption, typically SSL, across a non-standard port (say
> 10443) and then having those URLs blow up when they try to traverse the
> prudent company's perimeter security...You know..."deny all that is not
> explicitly allowed."
>
> I am seeing more and more "websites" that use a URL such as
> http://register.at.my.site:10443. Why not just use the standard secure
> port 443 from the get go?  Is there something that makes SSL across
> 10443 innately more secure, or is this just the "security by obscurity"
> smoke-and-mirrors trick?

Hey, I thought the standard security guys whine was to 
complain about dubious traffic being put over standard ports.
We should be happy if they get blocked by firewalls!

Back to the topic Certainly I've had cases of people asking for access to
some (in this case govt) website on an odd port, and I said
that they should just ask the server admin to use the standard ones.

Matt


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards