ANNOUNCE- AWS - Ada Web Server (v0.3)

ANNOUNCE- AWS - Ada Web Server (v0.3)

[Pascal Obry]

This is to announce that there is a new version of my AWS
package on my homepage. This is certainly the first usable
version.

What's new:
- connection through proxy
- authentification through proxy
- Basic authentification supported (base64 algorithm)
- binary data supported for HTTP/1.0 clients
  (like Netcape 4.6 browsers)
- implement If-Modified-Since
- almost clean scheme to close the connection on a HTTP/1.1
  persistent connection.
- chunked protocol implemented

What's needed to build:
- a POSIX binding (see my homepage for a Win32 implementation,
  look for Florist if you are under UNIX).
- an Ada95 compiler
- a socket binding (If you are under UNIX you'll have to slightly change
  AWS as the Win32 Sockets binding is a bit different)

BTW, I've been really surprised to found out that the Web "Basic"
authentification is not at all secure. This is just a base64 encoded
"user:pws" string! Use a base64 decoder (10 lines of Ada see AWS
sources) and you get both the user name and the password :)

Enjoy,
Pascal.

--

--|------------------------------------------------------
--| Pascal Obry                           Team-Ada Member
--| 45, rue Gabriel Peri - 78114 Magny Les Hameaux FRANCE
--|------------------------------------------------------
--| http://ourworld.compuserve.com/homepages/pascal_obry
--|
--| "The best way to travel is by means of imagination"

Re: ANNOUNCE- AWS - Ada Web Server (v0.3)

[Ted Dennison]

In article <862qre$ql1$1@wanadoo.fr>,
  "Pascal Obry" <p.obry@wanadoo.fr> wrote:

> BTW, I've been really surprised to found out that the Web "Basic"
> authentification is not at all secure. This is just a base64 encoded
> "user:pws" string! Use a base64 decoder (10 lines of Ada see AWS
> sources) and you get both the user name and the password :)

I found this little ditty in the Apache FAQ:

Web authentication passwords (at least for Basic authentication)
generally fly across the wire, and through intermediate proxy systems,
in what amounts to plaintext. "O'er the net we go/Caching all the way;/O
what fun it is to surf/Giving my password away!"

I think I've seen a longer version somewhere.

--
T.E.D.

http://www.telepath.com/~dennison/Ted/TED.html


Sent via Deja.com http://www.deja.com/
Before you buy.

Re: ANNOUNCE- AWS - Ada Web Server (v0.3)

[Tucker Taft]

Ted Dennison wrote:
> 
> In article <862qre$ql1$1@wanadoo.fr>,
>   "Pascal Obry" <p.obry@wanadoo.fr> wrote:
> 
> > BTW, I've been really surprised to found out that the Web "Basic"
> > authentification is not at all secure. This is just a base64 encoded
> > "user:pws" string! Use a base64 decoder (10 lines of Ada see AWS
> > sources) and you get both the user name and the password :)
> 
> I found this little ditty in the Apache FAQ:
> 
> Web authentication passwords (at least for Basic authentication)
> generally fly across the wire, and through intermediate proxy systems,
> in what amounts to plaintext. "O'er the net we go/Caching all the way;/O
> what fun it is to surf/Giving my password away!"
> 
> I think I've seen a longer version somewhere.

This is why before you type your password, you should check that
the page asking for it is using SSL (i.e. "https://...).  SSL hides
your password until it reaches the destination.

> 
> --
> T.E.D.
> 
> http://www.telepath.com/~dennison/Ted/TED.html
> 
> Sent via Deja.com http://www.deja.com/
> Before you buy.

-- 
-Tucker Taft   stt@averstar.com   http://www.averstar.com/~stt/
Technical Director, Distributed IT Solutions  (www.averstar.com/tools)
AverStar (formerly Intermetrics, Inc.)   Burlington, MA  USA