POODLE SSLv3 vulnerability
4 posts
• Page 1 of 1
POODLE SSLv3 vulnerability
by richh » Mon Oct 20, 2014 8:27 pm
Is anyone able to comment on whether Servoy with its diverse range of networking capabilities is totally shielded from the POODLE SSLv3 vulnerability on the Internet, or is Servoy vulnerable if particular networking settings are in operation? I guess the answer lies in the fallback limitations (if any) configured in the server, of which there will be many flavours. Any evidence and views?
Richard Hinder
Chartered Engineer and priest
Chartered Engineer and priest
- richh
- Posts: 78
- Joined: Sat Jan 14, 2006 8:34 pm
- Location: London
Re: POODLE SSLv3 vulnerability
by ROCLASI » Tue Oct 21, 2014 1:23 am
Hi Richard,
The POODLE vulnerability is not easy to exploit. I heard so far only one scenario and that is when users are using public WiFi.
Do your users use public hotspots ?
The POODLE vulnerability is not easy to exploit. I heard so far only one scenario and that is when users are using public WiFi.
Do your users use public hotspots ?
Robert Ivens
SAN Developer / Servoy Valued Professional / Servoy Certified Developer
ROCLASI Software Solutions / JBS Group, Partner
Mastodon: @roclasi
--
ServoyForge - Building Open Source Software.
PostgreSQL - The world's most advanced open source database.
SAN Developer / Servoy Valued Professional / Servoy Certified Developer
ROCLASI Software Solutions / JBS Group, Partner
Mastodon: @roclasi
--
ServoyForge - Building Open Source Software.
PostgreSQL - The world's most advanced open source database.
-
ROCLASI - Servoy Expert
- Posts: 5438
- Joined: Thu Oct 02, 2003 9:49 am
- Location: Netherlands/Belgium
Re: POODLE SSLv3 vulnerability
by richh » Wed Oct 22, 2014 10:31 am
Hi Robert
Good point. In general the users do not use public WiFi. However, it would make sense for me to warn users not to do so.
Good point. In general the users do not use public WiFi. However, it would make sense for me to warn users not to do so.
Richard Hinder
Chartered Engineer and priest
Chartered Engineer and priest
- richh
- Posts: 78
- Joined: Sat Jan 14, 2006 8:34 pm
- Location: London
Re: POODLE SSLv3 vulnerability
by jcompagner » Thu Oct 23, 2014 11:26 am
in WAR deployment this is purely the containers configuration.
In an default application server install you should just tweak the tomcat configuration to allow only specific stuff on the https connector.
In an default application server install you should just tweak the tomcat configuration to allow only specific stuff on the https connector.
Johan Compagner
Servoy
Servoy
-
jcompagner - Posts: 8833
- Joined: Tue May 27, 2003 7:26 pm
- Location: The Internet
4 posts
• Page 1 of 1
Return to Discuss possible Issues and Bugs
Who is online
Users browsing this forum: No registered users and 9 guests