- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 20 for attacks (0.18 sec)
-
docs/features/https.md
By default, OkHttp trusts the certificate authorities of the host platform. This strategy maximizes connectivity, but it is subject to certificate authority attacks such as the [2011 DigiNotar attack](https://www.computerworld.com/article/2510951/cybercrime-hacking/hackers-spied-on-300-000-iranians-using-fake-google-certificate.html). It also assumes your HTTPS servers’ certificates are signed by a certificate authority.
Plain Text - Registered: Fri Apr 26 11:42:10 GMT 2024 - Last Modified: Sat Dec 24 00:16:30 GMT 2022 - 10.5K bytes - Viewed (0) -
docs/contribute/code_of_conduct.md
documentation may negatively impact others. * **Be respectful**: We expect people to work together to resolve conflict, assume good intentions, and act with empathy. Do not turn disagreements into personal attacks. * **Be collaborative**: Collaboration reduces redundancy and improves the quality of our work. We strive for transparency within our open source community, and we work closely with upstream
Plain Text - Registered: Fri Apr 26 11:42:10 GMT 2024 - Last Modified: Sun Feb 06 02:19:09 GMT 2022 - 5.1K bytes - Viewed (0) -
okhttp/src/main/kotlin/okhttp3/CertificatePinner.kt
import okio.ByteString import okio.ByteString.Companion.decodeBase64 import okio.ByteString.Companion.toByteString /** * Constrains which certificates are trusted. Pinning certificates defends against attacks on * certificate authorities. It also prevents connections through man-in-the-middle certificate * authorities either known or unknown to the application's user.
Plain Text - Registered: Fri Apr 26 11:42:10 GMT 2024 - Last Modified: Mon Jan 08 01:13:22 GMT 2024 - 14.2K bytes - Viewed (1) -
okhttp-tls/src/main/kotlin/okhttp3/tls/HandshakeCertificates.kt
} /** * Configures this to not authenticate the HTTPS server on to [hostname]. This makes the user * vulnerable to man-in-the-middle attacks and should only be used only in private development * environments and only to carry test data. * * The server’s TLS certificate **does not need to be signed** by a trusted certificate
Plain Text - Registered: Fri Apr 26 11:42:10 GMT 2024 - Last Modified: Mon Jan 08 01:13:22 GMT 2024 - 8.5K bytes - Viewed (1) -
docs/security/tls_configuration_history.md
TLS Configuration History ========================= OkHttp tracks the dynamic TLS ecosystem to balance connectivity and security. This page is a log of changes we've made over time to OkHttp's default TLS options. [OkHttp 3.14][OkHttp314] ------------------------ _2019-03-14_ Remove 2 TLSv1.3 cipher suites that are neither available on OkHttp’s host platforms nor enabled in releases of Chrome and Firefox. ##### RESTRICTED_TLS cipher suites
Plain Text - Registered: Fri Apr 26 11:42:10 GMT 2024 - Last Modified: Sun Feb 06 16:35:36 GMT 2022 - 9K bytes - Viewed (0) -
okhttp/src/main/kotlin/okhttp3/internal/cache/CacheStrategy.kt
private var ageSeconds = -1 /** * Returns true if computeFreshnessLifetime used a heuristic. If we used a heuristic to serve a * cached response older than 24 hours, we are required to attach a warning. */ private fun isFreshnessLifetimeHeuristic(): Boolean { return cacheResponse!!.cacheControl.maxAgeSeconds == -1 && expires == null } init { if (cacheResponse != null) {
Plain Text - Registered: Fri Apr 26 11:42:10 GMT 2024 - Last Modified: Mon Apr 15 13:24:48 GMT 2024 - 12K bytes - Viewed (0) -
CHANGELOG.md
``` * New: `Cookie.sameSite` determines whether cookies should be sent on cross-site requests. This is used by servers to defend against Cross-Site Request Forgery (CSRF) attacks. * New: Log the total time of the HTTP call in `HttpLoggingInterceptor`. * New: `OkHttpClient.Builder` now has APIs that use `kotlin.time.Duration`.
Plain Text - Registered: Fri Apr 26 11:42:10 GMT 2024 - Last Modified: Thu Apr 18 01:31:39 GMT 2024 - 21.4K bytes - Viewed (0) -
okhttp/src/test/java/okhttp3/internal/tls/CertificatePinnerChainValidationTest.kt
HeldCertificate.Builder() .serialNumber(1L) .certificateAuthority(4) .commonName("attacker ca") .build() val attackerIntermediate = HeldCertificate.Builder() .serialNumber(2L) .certificateAuthority(3) .commonName("attacker") .signedBy(attackerCa) .build() val pinnedRoot = HeldCertificate.Builder()
Plain Text - Registered: Fri Apr 26 11:42:10 GMT 2024 - Last Modified: Mon Jan 08 01:13:22 GMT 2024 - 23.8K bytes - Viewed (0) -
okhttp/src/main/kotlin/okhttp3/HttpUrl.kt
* * ```java * String attack = "http://example.com/static/images/../../../../../etc/passwd"; * System.out.println(new URL(attack).getPath()); * System.out.println(new URI(attack).getPath()); * System.out.println(HttpUrl.parse(attack).encodedPath()); * ``` * * By canonicalizing the input paths, they are complicit in directory traversal attacks. Code that * checks only the path prefix may suffer! *
Plain Text - Registered: Fri Apr 26 11:42:10 GMT 2024 - Last Modified: Tue Jan 09 12:33:05 GMT 2024 - 63.5K bytes - Viewed (1) -
okhttp/src/main/kotlin/okhttp3/Protocol.kt
*/ HTTP_1_0("http/1.0"), /** * A plaintext framing that includes persistent connections. * * This version of OkHttp implements [RFC 7230][rfc_7230], and tracks revisions to that spec. * * [rfc_7230]: https://tools.ietf.org/html/rfc7230 */ HTTP_1_1("http/1.1"), /** * Chromium's binary-framed protocol that includes header compression, multiplexing multiple
Plain Text - Registered: Fri Apr 26 11:42:10 GMT 2024 - Last Modified: Sat Apr 06 04:17:33 GMT 2024 - 4.4K bytes - Viewed (0)