[guardian-dev] NetCipher and HttpURLConnection
josh at vitriolix.com
Tue Feb 11 14:54:40 EST 2014
On Mon, Feb 10, 2014 at 6:55 PM, Nathan of Guardian <
nathan at guardianproject.info> wrote:
> On 02/10/2014 09:38 PM, Josh Steiner wrote:
>> I think it does, but I havn't tried it:
>> "By default, this class will connect directly to the origin server. It
>> can also connect via an HTTP or SOCKS proxy. To use a proxy,
>> useURL.openConnection(Proxy) when creating the connection."
> Hmm, great. Not sure why we missed that before, or perhaps it changed?
> The main issue, and one we have a problem with right now with Apache, is
> that we need to make sure DNS does not leak. This means no InetAddress
> look ups before you connect, and that the SOCKS support is the right
> kind for the remote DNS resolution support.
Interesting, I'll see what I can dig up on that. If HttpURLConnecction* is
better in this regard, would you prefer to drop Apache support or to keep
both as an option? It is nice to have both if you are integrating with 3rd
party libs where you can't control what they decided to use, but if its a
gaping security hole we might not want to endorse it.
>> Need to decide if it's smarter to port the Facebook SDK lib to Apache
>> or add a HttpURLConnection support to NetCipher. Obviously the latter
>> would be more flexible, but I'm not sure how much work that will be.
> I think if we can ensure the SOCKS proxying works as expected, then the
> latter is the best bet.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Guardian-dev