Firewall Wizards mailing list archives

Re: Why are developers choosing to...


From: "Adrian Grigorof" <adi () grigorof com>
Date: Fri, 20 Jan 2006 12:52:40 -0500

One reason on IIS is that you can only have one TCP/443, SSL secured website
per IP address. Many hosting companies are using "host headers" to host
several websites with the same IP address.

For example:

www.company.com runs on IP 123.234.123.23

Using host headers, they configure another site to use the same IP address:

www.company2.com

If they want to make www.company.com accessible via SSL, they get a
certificate and publish it on IIS so now one can use https://www.company.com

If they want to secure www.company2.com they can get a certificate but
cannot use the same 123.234.123.23 IP address and keep TCP/443 for SSL as it
is already used by www.company.com. So they have to either configure another
port for the company2 SSL (i.e. 10443) or add another IP address to the
server. Sometimes the IP address is not available so they have to change the
TCP port.


Regards,

Adrian Grigorof
Altair Technologies
www.altairtech.ca
www.eventid.net


----- Original Message ----- 
From: "Behm, Jeffrey L." <BehmJL () bvsg com>
To: <firewall-wizards () honor icsalabs com>
Sent: Friday, January 20, 2006 12:34
Subject: [fw-wiz] Why are developers choosing to...



Why are developers choosing to write "web-based" code that runs some
sort of encryption, typically SSL, across a non-standard port (say
10443) and then having those URLs blow up when they try to traverse the
prudent company's perimeter security...You know..."deny all that is not
explicitly allowed."

I am seeing more and more "websites" that use a URL such as
http://register.at.my.site:10443. Why not just use the standard secure
port 443 from the get go?  Is there something that makes SSL across
10443 innately more secure, or is this just the "security by obscurity"
smoke-and-mirrors trick?

Opinions?

Jeff
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
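
The binding rule described in the reply above, as an added example that is not part of the original thread and not IIS code: plain HTTP sites can share an IP and port when their host headers differ, while an SSL site needs an IP and port to itself. The `Binding` type, the function names and the spare address 192.0.2.10 are assumptions made for this sketch.

```python
from collections import defaultdict
from typing import NamedTuple

class Binding(NamedTuple):
    site: str   # site name, doubling as its host header
    ip: str
    port: int
    ssl: bool

def find_conflicts(bindings):
    """Return (socket, hosts, reason) for every ip:port that cannot be served as bound."""
    by_socket = defaultdict(list)
    for b in bindings:
        by_socket[(b.ip, b.port)].append(b)
    conflicts = []
    for socket, group in sorted(by_socket.items()):
        hosts = sorted(b.site.lower() for b in group)
        if any(b.ssl for b in group) and len(group) > 1:
            # Rule from the post: one SSL site per ip:port, host headers do not help.
            conflicts.append((socket, hosts, "SSL endpoint shared"))
        elif len(set(hosts)) < len(hosts):
            conflicts.append((socket, hosts, "duplicate host header"))
    return conflicts

def resolve(bindings, spare_ips=(), alt_port=10443):
    """Move each clashing SSL binding to a spare IP, or to an alternate port if none is left."""
    spare, taken, out = list(spare_ips), set(), []
    for b in bindings:
        if b.ssl and (b.ip, b.port) in taken:
            if spare:
                b = b._replace(ip=spare.pop(0))
            else:
                port = alt_port
                while (b.ip, port) in taken:
                    port += 1
                b = b._replace(port=port)
        taken.add((b.ip, b.port))
        out.append(b)
    return out

IP = "123.234.123.23"  # address used in the post
SITES = [              # constructed binding list for the two sites in the post
    Binding("www.company.com", IP, 80, False),
    Binding("www.company2.com", IP, 80, False),
    Binding("www.company.com", IP, 443, True),
    Binding("www.company2.com", IP, 443, True),
]

if __name__ == "__main__":
    print(find_conflicts(SITES))
    print(resolve(SITES))
    print(resolve(SITES, ["192.0.2.10"]))  # 192.0.2.10: made-up spare address
```

With no spare address the second SSL site lands on port 10443, which is the port a "deny all that is not explicitly allowed" perimeter then has to be asked to open.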

