Hi:

I am working on securing a webservice front-ended by the Apache webserver.

It is possible that in this application the requirements will be:

(1) Clients be authenticated using a password they enter using a form that is secured using https. For this I am planning to download mod_ssl and get a certificate from Verisign/Thawte. I have the information I need to enable this [documentation avail on the net].

(2) Once the client is verified, then it is possible that subsequent interactions of that client will include 'getting' documents from this website. The only caveat is: It is possible that once signed in, the exchange between the client/server will require no encryption, but only a digital signature to guarantee that the document has not been tampered with.

My question relates to (2). Is it possible to set up a mod_ssl + Apache configuration such that the sign-in of the client happens using a form enabled over https [contents are encrypted], but subsequent interactions of an authenticated client do not suffer encryption while simultaneously providing a digital signature guarantee [hence ensuring that the document is tamper-proof]? So basically, I am asking:

2.1) Is it possible to turn on signing while disabling encryption?
2.2) Is this possible to do over one webserver using virtual hosts or will I need more than one instance of the service?

Thanks in advance.
Arjun Khanna.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org
