RE: https without ssl

How can I disable the HTTP Header, or Customize it so it won't display


I used:
ServerTokens Prod

I would like to be able to not display the Server name at all, or change
it to a generic message

Thank you
-----Original Message-----
From: [] On Behalf
Of Tom Molesworth
Sent: Friday, September 29, 2006 6:19 AM
Subject: Re: https without ssl

hi there,

> Hello, i would like to make an application to a webserver that uses 
> the http protocol, but encripted. i dont want to use https or ssl or 
> tls.... is it possible to encrypt http and all the browsers can read 
> the page????
>   thnx for your help

As far as I know, there isn't a commonly-deployed standard (outside
HTTPS) for this type of encrypted communication, but it's fairly
straightforward to implement encryption in Javascript, and use that to
exchange information between the client and server once the page has
been loaded.

Take a look at this page:

for a simple encryption algorithm, there's also a link on that page to
an implementation of AES, which should provide better security if
required. Whichever implementation you go for, the actual data can be
exchanged with XMLHttpRequest or IFRAME techniques as usual, see for more info on that.

Most browsers support Javascript, but you'd need some sort of fallback
for anyone who has disabled it - mobile/cell phone browsers usually
don't implement Javascript, for example.

Received on Sunday, 1 October 2006 03:08:37 UTC