AppleInsider › Forums › Software › Mac Software › Inside MobileMe: Web 3 and Web client-server apps
New Posts  All Forums:Forum Nav:

Inside MobileMe: Web 3 and Web client-server apps - Page 2

post #41 of 45
8/17/08 at 7:49pm
Quote:
Originally Posted by solipsism View Post

IP address in image is from Cambridge, Mass.

Upon looking at it more closely it looks like that is where your closest MM servers are, so I guess that puts you within the general region.

I'm actually in Silicon Valley.
Reply
Reply
post #42 of 45
8/17/08 at 7:51pm
Quote:
Originally Posted by tlrobinson View Post

I'm actually in Silicon Valley.

I really hope that IP address-to-location is wrong or that could explain some of the slowness with MM.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #43 of 45
8/17/08 at 11:00pm
Quote:
... rather than the SSL web page encryption used by HTTPS. The only real web pages MobileMe exchanges with the server are the HTML, JavaScript, and CSS files that make up the application, which have no need for SSL encryption following the initial user authentication.
....
If Apple applied SSL encryption in the browser, it would only slow down every data exchange without really improving security, and instead only provide pundits with a false sense of security that distracts from real security threats.

That's wrong. If you don't serve the static page (HTML and all) with SSL, then what's stopping someone from intercepting the traffic and injecting a backdoor written in JavaScript into the application? The application can then make JSON requests as normal, but secretly send the private data elsewhere.
Reply
Reply
post #44 of 45
8/17/08 at 11:12pm
Someone named Jens Alfke reviews the MM security of this article.
http://mooseyard.com/Jens/2008/08/re...there-is-none/
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #45 of 45
8/18/08 at 5:42am
Quote:
Originally Posted by tlrobinson View Post

I actually don't think anything (besides the login process) is encrypted. You were probably looking at the gzipped responses and thought it was encryption (I did the same thing at first too)

You're right.... My initial sniffs were done with a quick run of tcpdump captured to a file and doing a quick search for obvious clear strings, but upon further closer inspection, I saw the gzip headers.

Further investigation through a real packet sniffer with proper decodes (Ethereal in this case) showed up the plain clear text on-the-wire, which was not entirely surprising (since as I said, many assumptions were made in this article without the benefits of an actual packet trace).
Reply
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Mac Software
AppleInsider › Forums › Software › Mac Software › Inside MobileMe: Web 3 and Web client-server apps