[mod_python] Smart Card and mod_python and browser plugins

Nicolas Lehuen nicolas.lehuen at gmail.com
Wed Oct 19 12:01:24 EDT 2005


2005/10/19, Philippe C. Martin <pmartin at snakecard.com>:
>
> On Wednesday 19 October 2005 02:43 pm, Nicolas Lehuen wrote:
> > Then, you can go the plugin way but it's even more difficult than the
> > applet way. All the more if you want to be multi-browser (as I've
> > understood since you wrote about IE and Firefox) and multi-platform. You'll
> > have to learn two different plugin APIs, learn COM and ATL, master the
> > delicate art of C/C++ multi-platform programming, etc. etc.
> I think I already do (too proud :-), but the main issue is that I start from
> an existing cross-platform application.
>
> My big weakness here is how a client can exchange data with a server: I have
> two applications running (already) on both sides and I need to bridge them.
>
> I'm not even worried about the plugins once that's done, there's a Mozilla
> book out there as MSDN.
>
> Regards,
>
> Philippe
>
>
Well, you look like you know what you are doing :). I wish you success in
this!

To exchange data between the client and server, why not use HTTP? With a
scheme like this:

1) The client sends an HTTP request to the server with the unique card ID.
The server generates a random value, associates it with the unique ID
(storing it in a DB or something), and returns the random data to the
client.

2) The client makes another HTTP request, this time with the unique ID and
the random data encrypted with its diversified key. The server fetches the
public key of the client thanks to its unique ID, decrypts what the client
sent and checks if it matches the previously stored random data. It can then
send back a redirect to the intended page, with a secure cookie which will
be required to access all subsequent pages.

To send HTTP requests from the client, just use the APIs provided by the
plugin SDK.

Does this sound good? In any case, this is very close to the standard HTTP
Digest method of authentication, except that you use asymmetric encryption
algorithms.

Regards,
Nicolas
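
An added example, not part of the message above or of mod_python: the server-side bookkeeping for the two-step exchange, with a single-use, expiring challenge. It swaps in an HMAC over the challenge, keyed with a per-card key derived from a master key, in place of the asymmetric operation the message describes, so that it runs on the Python standard library alone; the master key, card IDs, lifetime and function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

MASTER_KEY = b"constructed-demo-master-key"  # constructed sample value
CHALLENGE_TTL = 30  # seconds a challenge stays valid (assumed policy)
_pending = {}  # card_id -> (challenge, issued_at); stands in for the DB


def diversified_key(card_id):
    """Per-card key derived from the master key and the card's unique ID."""
    return hmac.new(MASTER_KEY, card_id.encode(), hashlib.sha256).digest()


def issue_challenge(card_id, now=None):
    """Step 1: store a fresh random value for this card and return it."""
    challenge = secrets.token_bytes(32)
    _pending[card_id] = (challenge, time.time() if now is None else now)
    return challenge


def card_response(card_id, challenge):
    """Card side: on a real card the key never leaves the chip."""
    key = diversified_key(card_id)
    return hmac.new(key, challenge, hashlib.sha256).digest()


def verify_response(card_id, response, now=None):
    """Step 2: check the response against the stored challenge, once."""
    entry = _pending.pop(card_id, None)  # pop makes the challenge single-use
    if entry is None:
        return False  # no challenge issued, or it was already consumed
    challenge, issued_at = entry
    now = time.time() if now is None else now
    if now - issued_at > CHALLENGE_TTL:
        return False  # a stale challenge is rejected even if the MAC is right
    key = diversified_key(card_id)
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)  # constant-time compare


def new_session_token():
    """Random value for the secure cookie sent with the redirect."""
    return secrets.token_urlsafe(32)
```

Removing the stored challenge on the first verification attempt, whether it succeeds or fails, is what keeps a captured response from being replayed.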