Campquake Senate

What do you know about httpf? Are these supposed to be more secure or just faster sacrificing security?

TIA

Maverick

i know of http and https....not httpf...

httpF?!

Could you mean httpS?

Https is a secure HTTP protocol that uses SSL to encrypt data. It's a cheap way to encrypt your information sent over a web site. (Cheap meaning that it doesn't need a VPN or hardware to preform the encryption.) It uses up to 256-bit encryption to encrypt the 2-way data sent between the web server the client. But that's downgradable to what the client has on their browser. So you can opt to allow a 128-bit or lower client to connect to your site if you like.

It's drawback is that it requires a certificate authority to issue your domain an annual license to secure your web server. So, for example, if you wanted to secure http://www.campquake.net you would need to buy a certificate for that site. And if you wanted to secure server.campquake.net, that would require another certificate. I've found that http://www.thawte.com has good prices. But there was an open source SSL site trying to become a certificate of authority issuer for free. I haven't checked if that has become a valid alternative yet.

I used http://www.rapidssl.com the last time and they worked out quite well so far. I've had the certificates with them for about 2 years now...
IIRC they were alot cheaper than Thawte was also...

There is such a thing as httpF although, some info on it can be found here.
http://httpf.sourceforge.net/
It's just a filtering proxy thats supposed to filter out bad things like javascript calls and client checks to find out what OS\Browser that you're running.

Thanks guys.

Checked out that link KD. Just to clarify, it is basically just like a firewall so to speak. It denies access to pages with questionable content?

Neophyte wrote:httpF?!

Could you mean httpS?

Https is a secure HTTP protocol that uses SSL to encrypt data. It's a cheap way to encrypt your information sent over a web site. (Cheap meaning that it doesn't need a VPN or hardware to preform the encryption.) It uses up to 256-bit encryption to encrypt the 2-way data sent between the web server the client. But that's downgradable to what the client has on their browser. So you can opt to allow a 128-bit or lower client to connect to your site if you like.

It's drawback is that it requires a certificate authority to issue your domain an annual license to secure your web server. So, for example, if you wanted to secure http://www.campquake.net you would need to buy a certificate for that site. And if you wanted to secure server.campquake.net, that would require another certificate. I've found that http://www.thawte.com has good prices. But there was an open source SSL site trying to become a certificate of authority issuer for free. I haven't checked if that has become a valid alternative yet.

there is also entrust - $150 or so, per year, and you can register multiple years at once, so no need to renew annually.

Thanks guys.

Checked out that link KD. Just to clarify, it is basically just like a firewall so to speak. It denies access to pages with questionable content?

Not necessarilly the pages, just the questionable content on them...

Ok, gotcha! Thanks