Re: Development Environment w/ssl

From: Nicole Calinoiu (calinoiu)
Date: 12/13/04

Next message: MikeWorkflow: "CSP for this implementation could not be acquired"
Previous message: Nicole Calinoiu: "Re: More granular use of Dns and Socket Permission classes"
In reply to: J. Shane Kunkle: "Development Environment w/ssl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 13 Dec 2004 09:23:39 -0500

"J. Shane Kunkle" <shane@caudillweb.com> wrote in message
news:uHCD6Uu3EHA.2676@TK2MSFTNGP12.phx.gbl...
> Hello,
>
> We have an existing web application that we are modifying to contain
> sensitive, private user data. To secure the app as much as possible we
> would like to use ssl for the pages that display/edit this data.
>
> The production server is not as much of a worry at this point - however I
> am worried about testing and developing this application on our
> developer's machines. Our developers all develop locally (local copy of
> VS.NET, local web server, local database sql2000) on each of their
> machines - all the code is stored in a single Visual Source Safe server.
>
> What are the best practices to develop a partial ssl web application in
> this environment? Should we even worry about ssl at this point?

If most of the application runs over http, then it will be necessary to code
use of the https protocol into links to the "sensitive" pages. If the dev
machines don't have SSL certificates installed, such links won't work.

> Are certificates necessary?

Yup.

> Does anyone know of any resources, links, etc?

If you need to issue certificates for the dev machines, you will probably
need to set up a certification authority (unless, of course, you already
have one running). If you are on an existing Windows network, you should
probably contact your network admin to discuss this. If not, see
http://support.microsoft.com/default.aspx?scid=kb;en-us;272555 for minimum
instructions on setting up Microsoft Certificate Services outside of an
Active Directory environment.

>
> Any advice, articles or direction is much appreciated. Thanks in advance,
> Shane Kunkle
> jkunkle@vt.edu
>

Next message: MikeWorkflow: "CSP for this implementation could not be acquired"
Previous message: Nicole Calinoiu: "Re: More granular use of Dns and Socket Permission classes"
In reply to: J. Shane Kunkle: "Development Environment w/ssl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Development Environment w/ssl
... sensitive, private user data. ... The production server is not as much of a worry at this point - however I am ... local database sql2000) on each of their machines - all the code ... What are the best practices to develop a partial ssl web application in this ...
(microsoft.public.dotnet.security)
Using enterpirse CA certificates offline??
... Hi i am trying to get two machines to talk to each other over ssl using ... certificates that have been signed by an enterprise CA. ... I have managed to get this working when generating the certificates ...
(microsoft.public.windowsxp.security_admin)
Re: [Lit.] Buffer overruns
... http://www.garlic.com/~lynn/2001e.html#39 Can I create my own SSL key? ... http://www.garlic.com/~lynn/2001g.html#19 Root certificates ...
(sci.crypt)
Re: SSL certificate modification
... > That's only one reason for the existance of SSL server ... > that certificates contains certified public keys which are used during ... implication then the domain name infrastructure is a trusted server ...
(comp.security.misc)
Re: How to fix broken security in Windows 2000?
... explicitly identify the missing certificates using SFC or some other tool. ... it turns out Windows 2000 doesn't support that feature after ... all W2K machines have the problem seems to be holding up (and I have not yet ...
(microsoft.public.win2000.windows_update)