-1

I have the following situation: I have a server (Ubuntu) running an application. I have a client (only the one client) requesting stuff from that server. To execute the requests, the client has to provide valid credentials.

Now someone could track the traffic and sniff the credentials. Therefore I need to secure the connection. I guess HTTPS and certificates are the way to go here. But I have a basic understanding problem here. Do I need to generate a certificate on the server and give it to the client, so he can sign his requests? Or how is this working?

I really only have this one server and one client. No other client should ever be able to talk to my server. (And I cannot restrict the requests to the IP of the client because it is changing)

Sven
jan
  • Jan, you are missing the basics of SSL w.r.t. sniffing; I suggest you read the answers to [How does SSL work?](http://security.stackexchange.com/q/20803/2630) (on Sec.SE). This secures the transport; your application must still validate the credentials. – Lekensteyn Mar 27 '14 at 13:58

1 Answer

0

First, which type of application are you using?

If it's a webservice or similar, you could indeed use HTTPS. Configure your webservice so that it only accepts HTTPS connections and provide a .htaccess file with authentication. The HTTPS prevents people from sniffing your credentials. The .htaccess prevents unauthorized users from getting access.

In case it's not a webservice, you could create a VPN. The VPN prevents unauthorized access and sniffing, but has to be set up before you access your server.
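
The HTTPS-only plus .htaccess setup described in the answer, written out for Apache httpd as an added example (not the answerer's own configuration). The hostname `app.example.com`, all file paths and the realm name are placeholders, and it assumes mod_ssl and mod_auth_basic are enabled.

```apache
# ---- Virtual host configuration (placeholder hostname and paths) ----

# Plain HTTP serves no content; it only redirects to HTTPS.
# Caveat: a client that sends its credentials to http:// has already
# exposed them before the redirect arrives, so the client itself must
# be configured with the https:// URL.
<VirtualHost *:80>
    ServerName app.example.com
    Redirect permanent / https://app.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName app.example.com
    DocumentRoot /var/www/app

    # The server presents this certificate and keeps the private key.
    # The client only verifies the certificate; it does not sign
    # requests with it.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/app.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/app.example.com.key

    <Directory /var/www/app>
        # Allow the .htaccess below to set authentication directives.
        AllowOverride AuthConfig
    </Directory>
</VirtualHost>

# ---- /var/www/app/.htaccess ----

# Refuse any request that did not arrive over TLS, so Basic
# credentials are never accepted on an unencrypted connection.
SSLRequireSSL

AuthType Basic
AuthName "Restricted"
# Keep the password file outside the DocumentRoot so it cannot be
# downloaded through the web server.
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
```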