Thanks Mark, that's exactly what I needed to know. This stuff is out of
my league.
On 6/24/13 11:03 AM, Mark Wilcox wrote:
Another suggestion would be setting the property
libUrlSetSSLVerification to false as this may also resolve the
issue..
Another question: does setting libUrlSetSSLVerification to false
mean security is turned off completely, or only that the
certificate isn't checked?
Not doing SSL Certificate Verification means that the certificate
isn't checked, the content is still sent encrypted. Whether this
matters depends on the setup - if you control both the client and
server ends then it's not such a big deal, although technically it
does leave you vulnerable to man-in-the-middle attacks. You still
have the option of bundling a collection of root certificates with
your app (and you can find up to date collections online freely) but
that will mean the certificates will not be updated unless your app
is, so overtime they will go out of date. If you're only connecting
to your own server that's not much of a problem either - you need to
give everyone an update of the app when a certificate in your one
certificate chain expires but that's all. Keeping a general set of
certificates for the open web up to date is another matter entirely.
Mark _______________________________________________ use-livecode
mailing list use-livecode@lists.runrev.com Please visit this url to
subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
--
Jacqueline Landman Gay | jac...@hyperactivesw.com
HyperActive Software | http://www.hyperactivesw.com
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
