HOME|CONTACT US
Forum
Community Login
Infusionsoft Community
Welcome, Guest
Please Login or Register.    Lost Password?
Infusionsoft Community Infusionsoft Discussions Tech Corner APIs, Templates & Resources
concerns about SSL and the iSDK (1 viewing) (1) Guests
Go to bottom Post Reply Favoured: 0
TOPIC: concerns about SSL and the iSDK
#8133
nonickch (User)
Senior Boarder
Posts: 36
graphgraph
User Offline Click here to see the profile of this user
concerns about SSL and the iSDK 1 Month ago Karma: 1  
Another issue that is lately bugging me:

Why is the iSDK setting:
setSSLVerifyPeer(FALSE);

Our communication does get encrypted, meaning noone can listen in on the contact/CC info being passed by, but noone can stop somebody residing anywhere between our script and the infusion server performing a Man-in-the-middle attack

For people unaware of MITM attacks and don't care to read the link (you should), it pretty simple:
Someone intercepts the communication and pretends to be the infusionsoft server. He accepts our requests, saves a copy, then forwards them to the real infusionsoft server. Then receives the reply and forwards it back to us.

SSL provides both encryption and authentication, and by dropping SSLVerifyPeer we effectively drop the authentication part rendering encryption next to useless (anyone that can listen in on the communication can also perform MITM).
 
Report to moderator   Logged Logged  
  The administrator has disabled public write access.
      Topics Author Date
    thread link
concerns about SSL and the iSDK
nonickch 2009/10/16 01:45
Go to top Post Reply
Powered by FireBoardget the latest posts directly to your desktop
 
©Copyright Infusionsoft 2007.  All rights reserved.  Privacy PolicyAcceptable Use PolicyBilling PolicyInfusion Blog

Small Business CRM Marketing Software Email Marketing Small Business CRM Features Contact Management