Re: AcceptSecurityContext with invalid data returns SEC_E_INCOMPLETE_MESSAGE?

From: Alun Jones (alun_at_texis.invalid)
Date: 11/16/05


Date: Tue, 15 Nov 2005 22:49:17 -0800

John Banes wrote:
> I was suggesting that you look at the webclient and webserver programs for
> general guidelines on programming SSPI/SSL--just to make sure that you
> were aware of their existence. I didn't mean to suggest that it handled
> this particular situation correctly! It's probably been several years
> since I've looked at the public versions of these samples and so I wasn't
> sure how they handled this case.

Once again, we are reminded that there is a difference between security code
and secure code. :-)

The dangers of ripping code out of samples are well-known. The difficulty
of writing good sample code that is clear enough to educate, while still
being complete enough to be secure, is not appreciated.

Without John Banes' sample code, I would have used OpenSSL - both OpenSSL
and SChannel have really dire documentation, but with a good example of
source code to go on, it's possible to get it right. The presence of just
these two samples allowed me to consider SChannel at all.

Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]

-- 
Texas Imperial Software   | Find us at http://www.wftpd.com or email
23921 57th Ave SE         | alun@wftpd.com.
Washington WA 98072-8661  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.

