Jersey and Apache Cxf have nice feautres with it:
GzipInOutInterceptors or similar, which could compress incoming-outgoing requests.
Does spring-ws have something like that?
I only found that it compress outgoing requests.
Spring-WS is also designed to support decompressing incoming messages, and this doesn't require any additional configuration, as long as the messages have the expected Content-Encoding: gzip header. The code that does this can be found in AbstractHttpSenderConnection.
Related
I have a react app with a pretty large build size, it is deployed on an Nginx server with SSL. I learned a bit about GZip and how it can improve the site's performance. But I also came to know that it is not to safe to use GZip with SSL.
GZip is enabled for HTML files by default in Nginx. Should I enable it for other files like Javascript and CSS as well to improve performance ?
When you say
it is not to safe to use GZip with SSL
i assume that you are talking about Breach Attack. Well for breach attack to be successful for the compressed response, two conditions need to be satisfied:
Reflect user-input in HTTP response bodies
Reflect a secret (such as a CSRF token) in HTTP response bodies
When you send compressed js/css files in response, you usually do not reflect user-input in the response. That means calling the js/css file url will only return that file.
Also you usually do not return any sensitive data in the response along with compressed js/css files.
So yeah it is completely safe to use Gzip compression for js/css assets. Static responses are not vulnerable to this attack.
Can someone tell me how can I connect to my "facebook" account using only the C standard library?
What I want is something like:
#include<sys/socket.h>
Connect ?
Well libcurl is easy-to-use client-side URL transfer library, supporting DICT, FILE, FTP, FTPS, Gopher, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, Telnet and TFTP. libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, Kerberos), file transfer resume, http proxy tunneling and more! But you need deep knowldege if using libcurl. You can download webpage. Libcurl handles application level protocols, so you don't have to write your own HTTP client code (for example) , now it's up to you.
I need to make comparison (on the basis of time) on OCSP request/response between a mobile device and desktop clients. I understand that one can use OpenSSL and other similar command line tools to check OCSP on desktop clients. But I don’t know how to go about making OCSP request on a mobile phone.
I want to send OCSP request for known certificate (e.g Facebook's) to its OSCP URL (http://ocsp.digicert.com) and obtain the certificate's revocation status.
Is there any tool or a guide on sample code (preferably J2ME) that I can use to send OCSP request and get response?
I understand that the BouncyCastle library for mobile devices has some sample classes related to OCSP. I have gone through but I have not been able to make much sense from them.
You could base64 the OCSP request and send it across on HTTP to the OCSP URL and then time it. Note that there might be a CDN that would serve the OCSP Response and that would factor in with the latency as well by reducing it.
How do you create an OCSP Request:
http://unmitigatedrisk.com/?p=42
I have a programming project where I have to create a multithreaded web server which handles HTTP requests.
I just learned socket programming and I got a client and a server running. I wanted to know what the best method would be for parsing the HTTP request headers. I saw this: how to parse http request in c++ a few minutes back. But I would rather not shift to C++ at this point. So how should one go about parsing an HTTP request in C?
You can have a look at the web servers in C such as mongoose (https://github.com/cesanta/mongoose/blob/master/mongoose.c) and could use the same methodology to parse the http request. But what would I suggest is that just go through the HTTP RFC 2616 since that would help you in writing your own parser for http requests.
By the way which kind of HTTP requests your Server is handling (GET or POST or BOTH) ??
In http post requests the HTTP header & data are separated by "\r\n\r\n".
In received data sscanf the Content-Length form the http header then start reading the data after you get "\r\n\r\n" until you get the same amount of data as mentioned in Content-Length.
My Server sends me a JSON data stream which is compressed using GZIP Compression.
When I request this data on the normal IE Browser, I get the data and when I mention the application to open with, The Browser automatically decompresses that data stream and shows me my JSON data.
My C Application is using COM/OLE to embed an IE Browser Instance and I am using WININET for GET/POST operations So here I get the data compressed.
Since its IE Browser Functionality that decompresses the GZIP data automatically in the case of the default IE browser
How can I get the data decrypted automatically via WININET in my C Application?
Starting Vista, INTERNET_OPTION_HTTP_DECODING flag enables gzip decoding within WinInet:
INTERNET_OPTION_HTTP_DECODING:
Enables WinINet to perform decoding for the gzip and deflate encoding schemes. For more information, see Content Encoding.
When decoding fails, the application has two options: it can remove the Accept-Encoding header and resend the request, or it can set the INTERNET_OPTION_HTTP_DECODING option on the request to false and then resend the request. If the decoding option is set to false, the application must check the Content-Encoding header and perform any decoding at the application level.
In earlier version of Windows you would have to decompress yourself (which is also reasonably easy using e.g. http://zlib.net/)