ePKI enabled legacy application
Posted on 2003-02-20
(1) By non-web protocol, what do you mean? What specific protocols are you excluding? HTTP?
For a web-enabled application, we can use SSL. I want to secure some TCP services running
on a remote machine.
(2) Does the proxy have prior knowledge of the protocol being used between the client and server?
(3) Do you have any control over the client/server applications? Can you modify the client code before introducing your proxy?
I have to write the client code.
(4) Calling your application a proxy implies (to me) that the client and server are to be unaware of the proxy's existence. Is this true?
My proxy is not a transparent proxy.
(5) Finally, is your project an attempt to demonstrate a 'man-in-the-middle' attack?
Yes, I have to provide a middleware to secure the remote machine.
Suppose we have one application server (security unaware) which is running on
port X. The application client (security unaware, which means messages are transferred
in plain text) should make requests to the server machine on port X.
client --------------> Server (port x)
Host A                 Host B
We are planning to put a proxy server or service between the application
client and the application server.
The proxy is not a transparent proxy. The client should make its initial request
to the proxy service instead of directly connecting to the
application server. I have to write the client application also to enable
the same, i.e.:
1. The user should use my client program to use the service from
2. My client program will make its initial request to the proxy service instead
of the application server.
3. The proxy will do the client authentication and provide an encrypted
channel between client and proxy.
4. After completing the above process, the proxy will accept the
encrypted packets from the client, decrypt them and then send to the
5. The communication channel between the proxy and the application server may be in
plain text (since it is within the intranet).
6. The proxy service can be run on a different machine or may be
on the same machine (on which the application server is running) with different
Client            Proxy                     Application
Program --------> Service(Port Y) --------> Server(Port x)
Host A                                      Host B
In short, my project is a middleware which should secure
the services (security unaware) running on a remote machine.
Please give some useful pointers to proceed in an optimum way.
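
Added example, not part of the original post and not the poster's code: the proxy flow from steps 3 to 5 in Python, with the proxy on port Y terminating TLS, requiring a client certificate, and relaying the decrypted bytes to the plain-text server on port X. Client-certificate (mutual TLS) authentication is an assumption suggested by the post's title; the function names and the certificate file arguments are hypothetical.

```python
import select
import socket
import ssl
import threading

def proxy_tls_context(cert=None, key=None, client_ca=None):
    """Step 3: TLS context for port Y that refuses clients without a certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED          # mutual TLS: client must authenticate
    if cert:
        ctx.load_cert_chain(cert, key)           # proxy's own certificate and key (assumed paths)
    if client_ca:
        ctx.load_verify_locations(client_ca)     # CA that issues client certificates
    return ctx

def relay(client, backend, bufsize=16384):
    """Steps 4-5: copy bytes both ways until either side closes."""
    peer = {client: backend, backend: client}
    try:
        while True:
            # TLS may hold decrypted bytes that select() cannot see; read those first.
            buffered = getattr(client, "pending", lambda: 0)()
            ready = [client] if buffered else select.select([client, backend], [], [])[0]
            for src in ready:
                data = src.recv(bufsize)
                if not data:                     # EOF from one side ends the session
                    return
                peer[src].sendall(data)
    except OSError:                              # also covers ssl.SSLError
        pass
    finally:
        client.close()
        backend.close()

def handle(raw, ctx, backend_addr):
    """Authenticate one client; only then open the plain-text leg to port X."""
    try:
        with ctx.wrap_socket(raw, server_side=True) as tls:   # handshake + client cert check
            relay(tls, socket.create_connection(backend_addr))
    except OSError:
        raw.close()                              # rejected clients never reach port X

def serve(listen_addr, backend_addr, ctx):
    """Listen on port Y and give each connection its own thread."""
    with socket.create_server(listen_addr) as srv:
        while True:
            raw, _ = srv.accept()
            threading.Thread(target=handle, args=(raw, ctx, backend_addr), daemon=True).start()
```

The client program from step 2 would connect to port Y with a matching client-side TLS context that presents its certificate and verifies the proxy's certificate.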