I noticed that HTTPS was mentioned by a few people. Note that HTTPS only offers a start. It's far from sufficient when it comes to the transportation. HTTPS in itself makes the channel "secure" (as in, 'it takes a while to decrypt'). It doesn't authenticate either end of the channel; just the fact that I talk to you over HTTPS doesn't mean I'm entitled to your data, nor does it mean I am who I say I am.
Basically, when two parties communicate, you want to:
- Encrypt your channel. No one should be able to read what was sent by inspecting the wire.
- Authenticate both parties. You shouldn't send data to someone who isn't your client, and your client shouldn't accept data from someone else. No man-in-the-middle attacks.
- Authorize the parties. A test server from the client may be authenticated, but it's not entitled to the production data.
- Audit trail the communication. Who logged in when. What was asked for. What was sent.
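
The four requirements listed above, sketched server-side as an added example that is not part of the original post: a TLS context that demands a client certificate, an authorization check per environment, and an audit record for every request. The `POLICY` table, the host names and the function names are hypothetical, and the certificate dict is a constructed sample in the format `SSLSocket.getpeercert()` returns.

```python
import ssl
import time

# Hypothetical policy: client certificate CN -> environments it may read.
POLICY = {
    "prod.client.example": {"production", "test"},
    "test.client.example": {"test"},
}

def server_context(certfile, keyfile, client_ca):
    """Encrypt the channel and authenticate both ends (mutual TLS)."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.load_cert_chain(certfile, keyfile)   # server proves who it is
    ctx.load_verify_locations(client_ca)     # CA that issues client certs
    ctx.verify_mode = ssl.CERT_REQUIRED      # handshake fails without a client cert
    return ctx

def common_name(peercert):
    """Extract the CN from the dict returned by SSLSocket.getpeercert()."""
    for rdn in (peercert or {}).get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def handle_request(peercert, environment, audit_log):
    """Authorize an authenticated peer and record the decision."""
    peer = common_name(peercert)
    allowed = peer is not None and environment in POLICY.get(peer, set())
    audit_log.append({  # audit trail: who, when, what was asked, what was sent
        "when": time.time(),
        "who": peer,
        "asked": environment,
        "sent": allowed,
    })
    return allowed

if __name__ == "__main__":
    # Constructed sample: the client's test server, authenticated by its cert.
    test_peer = {"subject": ((("commonName", "test.client.example"),),)}
    log = []
    print(handle_request(test_peer, "test", log))        # True
    print(handle_request(test_peer, "production", log))  # False
    print(log)
```
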