- From: Diallo, Pathe <Pathe.Diallo@experianscorex.com>
- Date: Fri, 29 Sep 2006 10:32:27 -0500
- To: "Tom Molesworth" <tetra604@gmail.com>, <www-talk@w3.org>
How can I disable the HTTP Header, or Customize it so it won't display Server:Apache I used: ServerTokens Prod I would like to be able to not display the Server name at all, or change it to a generic message Thank you -----Original Message----- From: www-talk-request@w3.org [mailto:www-talk-request@w3.org] On Behalf Of Tom Molesworth Sent: Friday, September 29, 2006 6:19 AM To: www-talk@w3.org Subject: Re: https without ssl hi there, > Hello, i would like to make an application to a webserver that uses > the http protocol, but encripted. i dont want to use https or ssl or > tls.... is it possible to encrypt http and all the browsers can read > the page???? > thnx for your help As far as I know, there isn't a commonly-deployed standard (outside HTTPS) for this type of encrypted communication, but it's fairly straightforward to implement encryption in Javascript, and use that to exchange information between the client and server once the page has been loaded. Take a look at this page: http://www.movable-type.co.uk/scripts/TEAblock.html for a simple encryption algorithm, there's also a link on that page to an implementation of AES, which should provide better security if required. Whichever implementation you go for, the actual data can be exchanged with XMLHttpRequest or IFRAME techniques as usual, see http://www.ajaxian.com for more info on that. Most browsers support Javascript, but you'd need some sort of fallback for anyone who has disabled it - mobile/cell phone browsers usually don't implement Javascript, for example.
Received on Sunday, 1 October 2006 03:08:37 UTC