Security? [Jul. 27th, 2002|09:12 pm]
sol3's post brought up an interesting point: security. Is it possible for LJ to host some sort of secure client protocol connection, such as SSL? As far as I can tell, it would be somewhat trivial to add that to the system.

Of course, I may be wrong here. :)


From: sol3
2002-07-27 09:38 am (UTC)
Unless there are bits in the lj code that explicitly refer to everything as http - as opposed to relative urls, it would simply be a matter of webserver configuration (and, obtaining an ssl key, which isn't the cheapest thing in the world, alas).

Most client code would, I'd imagine, be able to easily add in ssl support. I think I'm going to make sure that the library I'm doing will do ssl - (it might be worth it for me to grab the lj code and set it up under an ssl server, just to play with it)...

From: igrokme
2002-07-28 01:20 pm (UTC)

SSL required??

Most webservers don't run SSL without leaving at least some plain http access. The way I foresee LJ doing this with the lowest impact would be to allow https access, say, to /interface/flat.
I don't think anyone would want to require it and it doesn't make sense for all occasions.

Clients would then have the option of linking in, say, the library from www.openssl.org (or the perl module which uses it, or whatever) if their users wanted to use the SSL interface option.

The only thing I can think of is the possible cost of acquiring an officially certified certification. The instructions on how to create your own cert are readily available but having a non-official cert will give users using browsers funky error messages unless/until they accept the cert permanently.
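
Added example, not part of the thread and not LJ or client-library code: a sketch of a client that opts in to https for /interface/flat and, when the server uses a self-signed cert, trusts that one cert file explicitly instead of switching verification off. The host name, the form fields and the function names are constructed for illustration.

```python
import ssl
import urllib.parse
import urllib.request

FLAT_PATH = "/interface/flat"  # endpoint path named in the thread


def make_tls_context(server_cert_pem=None):
    """Return a TLS context that always verifies the server.

    With no argument the system CA store is used (officially signed cert).
    For a self-signed server cert, pass the path to that cert's PEM file:
    only that cert is trusted, and hostname checking stays enabled.
    """
    if server_cert_pem is None:
        return ssl.create_default_context()
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # starts with empty trust store
    ctx.load_verify_locations(cafile=server_cert_pem)
    return ctx


def build_flat_request(host, fields, use_tls=True):
    """Build (but do not send) a form POST to the flat interface."""
    scheme = "https" if use_tls else "http"
    body = urllib.parse.urlencode(fields).encode("ascii")
    return urllib.request.Request(
        f"{scheme}://{host}{FLAT_PATH}",
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def send(request, ctx):
    """Send over the verifying context; this SSL-option path never falls back."""
    if not request.full_url.startswith("https://"):
        raise ValueError("refusing to send over plain http")
    with urllib.request.urlopen(request, context=ctx, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")


if __name__ == "__main__":
    # Constructed sample host and fields; nothing is sent here.
    req = build_flat_request("lj.example", {"mode": "login", "user": "demo"})
    print(req.get_method(), req.full_url, req.data)
```
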
