[guardian-dev] NetCipher and HttpURLConnection
Nathan of Guardian
nathan at guardianproject.info
Mon Feb 10 21:55:35 EST 2014
On 02/10/2014 09:38 PM, Josh Steiner wrote:
> I think it does, but I havn't tried it:
> "By default, this class will connect directly to the origin server. It
> can also connect via an HTTP or SOCKS proxy. To use a proxy,
> useURL.openConnection(Proxy) when creating the connection."
Hmm, great. Not sure why we missed that before, or perhaps it changed?
The main issue, and one we have a problem with right now with Apache, is
that we need to make sure DNS does not leak. This means no InetAddress
look ups before you connect, and that the SOCKS support is the right
kind for the remote DNS resolution support.
> Need to decide if it's smarter to port the Facebook SDK lib to Apache
> or add a HttpURLConnection support to NetCipher. Obviously the latter
> would be more flexible, but I'm not sure how much work that will be.
I think if we can ensure the SOCKS proxying works as expected, then the
latter is the best bet.
More information about the Guardian-dev