Opened 14 years ago
Last modified 13 years ago
#8694 new defect
java client access via vboxjws.jar is not using https
Reported by: | ludo | Owned by: | |
---|---|---|---|
Component: | webservices | Version: | VirtualBox 4.0.4 |
Keywords: | Cc: | ||
Guest type: | other | Host type: | other |
Description
java client access via vboxjws.jar is done via http and a user name and password.
But http communication is not secure, so it would be possible to see the name and password in clear on the wire. Please consider adding https access as well for real security.
Note:
See TracTickets
for help on using tickets.
So far we opted for referring to Apache in a reverse proxy config to provide SSL functionality. This avoids reinventing the wheel, which in this area often means making embarassing mistakes handling private keys and the like...