Web Application Security
Hash for data in transit Jul 20 2010 08:03PM
richardhigh imgva com (3 replies)
RE: Hash for data in transit Jul 21 2010 12:47PM
Jacqueline Primrose hhsc state tx us
Re: Hash for data in transit Jul 21 2010 02:21AM
Nikhil Wagholikar (visitnikhil gmail com) (3 replies)
Re: Hash for data in transit Jul 21 2010 12:46PM
Martin Tartarelli (martin tartarelli gmail com)
Re: Hash for data in transit Jul 21 2010 08:57AM
Saleh (q8mosfet gmail com)
Re: Hash for data in transit Jul 21 2010 08:34AM
Richard Moore (rich westpoint ltd uk)
On 21/07/2010 03:21, Nikhil Wagholikar wrote:
> Hi Richard,
>
> CRC is one of the best methods for integrity checking (more
> precisely 'detection') of data between web server and web browser.

If the intention is to protect against malicious changes (as the
reference to tripwire suggests) then CRCs would be a very poor choice.
They are vulnerable to a range of attacks that allow the data to be
modified whilst the CRC remains valid. If a secure hash is required
then something like SHA-1 or SHA-256 should be used.

>
> In any case, like Robert said, HTTPs will do integrity check for the
> data.

This is also true.

Cheers

rich.

>
> --- Nikhil Wagholikar Senior Consultant Ernst and Young (India) Web:
> http://www.ey.com/India
>
> On 21 July 2010 01:33,<richardhigh (at) imgva (dot) com [email concealed]> wrote:
>>
>> Does anyone know of any tools out there that can be used to ensure
>> the integrity of data while in transit from a web app and a user
>> using a website to enter information?
>>
>> I've heard of Tripwire and ossec but those more for OS or for files
>> at rest.
>>
>> Any ideas are welcomed. Thanks.
>>
>>
>>
>> This list is sponsored by Cenzic
>> -------------------------------------- Let Us Hack You. Before
>> Hackers Do! It's Finally Here - The Cenzic Website HealthCheck.
>> FREE. Request Yours Now!
>> http://www.cenzic.com/2009HClaunch_Securityfocus
>> --------------------------------------
>>
>
>
>
>
>

--
Richard Moore, Principal Software Engineer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031
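
The point in the reply above about CRCs and malicious changes, as an added example that is not part of the original thread: CRC-32 is affine over XOR, so the checksum of a modified message follows from the old checksum and the change alone, and a receiver checking it learns nothing about tampering. The HMAC-SHA-256 check goes one step beyond the thread and assumes a key shared by sender and receiver; the sample data, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed sample data: an equal-length form submission before and after
# a change made in transit.
MESSAGE = b"amount=0100&to=alice"
TAMPERED = b"amount=0900&to=alice"
KEY = b"constructed-demo-key"  # assumption: secret shared by sender and receiver


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def crc_follows_change(message: bytes, tampered: bytes) -> bool:
    """True if the new CRC-32 is computable from the old CRC and the change alone."""
    delta = xor_bytes(message, tampered)
    # CRC-32 is affine over XOR: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros)
    predicted = zlib.crc32(message) ^ zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    return predicted == zlib.crc32(tampered)


def sha256_follows_change(message: bytes, tampered: bytes) -> bool:
    """The same XOR relation applied to SHA-256 digests; it does not hold."""
    delta = xor_bytes(message, tampered)
    digest = lambda data: hashlib.sha256(data).digest()
    predicted = xor_bytes(xor_bytes(digest(message), digest(delta)),
                          digest(bytes(len(delta))))
    return predicted == digest(tampered)


def make_tag(key: bytes, data: bytes) -> bytes:
    """Keyed integrity tag: cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def tag_is_valid(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(make_tag(key, data), tag)


if __name__ == "__main__":
    print("CRC-32 tracks the change:", crc_follows_change(MESSAGE, TAMPERED))
    print("SHA-256 tracks the change:", sha256_follows_change(MESSAGE, TAMPERED))
    sent_tag = make_tag(KEY, MESSAGE)
    print("HMAC accepts original:", tag_is_valid(KEY, MESSAGE, sent_tag))
    print("HMAC accepts modified:", tag_is_valid(KEY, TAMPERED, sent_tag))
```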

Re: Hash for data in transit Jul 20 2010 10:42PM
Robert Hajime Lanning (robert lanning gmail com)


 

Copyright 2010, SecurityFocus