W3C home > Mailing lists > Public > www-talk@w3.org > September to October 2006

RE: https without ssl

From: Diallo, Pathe <Pathe.Diallo@experianscorex.com>
Date: Fri, 29 Sep 2006 10:32:27 -0500
Message-Id: <536D05B1A86DD1119ACB00805FE66D0723309320@alnexch1.ena.us.experian.local>
To: "Tom Molesworth" <tetra604@gmail.com>, <www-talk@w3.org>

 
How can I disable the HTTP Header, or Customize it so it won't display

Server:Apache

I used:
ServerTokens Prod

I would like to be able to not display the Server name at all, or change
it to a generic message

Thank you
-----Original Message-----
From: www-talk-request@w3.org [mailto:www-talk-request@w3.org] On Behalf
Of Tom Molesworth
Sent: Friday, September 29, 2006 6:19 AM
To: www-talk@w3.org
Subject: Re: https without ssl


hi there,

> Hello, i would like to make an application to a webserver that uses 
> the http protocol, but encripted. i dont want to use https or ssl or 
> tls.... is it possible to encrypt http and all the browsers can read 
> the page????
>   thnx for your help

As far as I know, there isn't a commonly-deployed standard (outside
HTTPS) for this type of encrypted communication, but it's fairly
straightforward to implement encryption in Javascript, and use that to
exchange information between the client and server once the page has
been loaded.

Take a look at this page:

http://www.movable-type.co.uk/scripts/TEAblock.html

for a simple encryption algorithm, there's also a link on that page to
an implementation of AES, which should provide better security if
required. Whichever implementation you go for, the actual data can be
exchanged with XMLHttpRequest or IFRAME techniques as usual, see
http://www.ajaxian.com for more info on that.

Most browsers support Javascript, but you'd need some sort of fallback
for anyone who has disabled it - mobile/cell phone browsers usually
don't implement Javascript, for example.
Received on Sunday, 1 October 2006 03:08:37 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:29 GMT