StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
18045054
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2013-08-04T16:29:04.883
FavoriteCount
0
LastActivityDate
2013-08-04T16:29:04.883
LastEditDate
2017-04-13T12:13:35.490
LastEditorUserId
-1
OwnerUserId
372643
ParentId
18036469
PostTypeId
2
Score
2
ViewCount
0
LastEditorDisplayName
text
Body
The TLS protocol only allows for certificates to be exchanged, not raw public keys. Even "PGP keys" (if you wanted to replace X.509 with <a href="http://tools.ietf.org/html/rfc5081" rel="nofollow noreferrer">OpenPGP for authentication in TLS</a>, which is much less supported) are in fact certificates (they're the signed combination of a public key and a set of identifiers and attributes). This being said, you can perform client authentication using self-signed client certificates and rely on their public keys (but you will need to verify this public key against something your server already knows, such as a known list). You need to understand the security implications for implementing this first. This is not quite the same problem as self-signed server certificates. (I'd suggest keeping a more traditional approach to verifying the server certificate.) You can make the client send a self-signed certificate (possibly using <a href="https://serverfault.com/a/382018/47187">certain tricks regarding the CA list advertised by the server</a>) and either perform the verification in the TLS stack or later in the application. Note that many application containers (e.g. Tomcat/Jetty in Java) expect the SSL/TLS layer to verify the client certificate. Hence, if you skip the authentication there (and prefer to do it later on within the container or as part of the application), many application frameworks will be confused. You need to be quite careful to make sure that authentication is actually performed somewhere before performing any action that requires authentication in your application. For example, it can be OK to have a trust manager that lets any client certificate through in Tomcat/Jetty, but you can't rely on the <code>javax.servlet.request.X509Certificate</code> request attribute to have been verified in any way (which most frameworks would otherwise expect). You'd need to implement some verification logic within your application: for example, having a filter before any authenticated feature that compares the public key in this client certificate with your known list of public keys (or however you want to match the public key to an identifier). Alternatively, you can also perform this verification within your custom trust manager (in Java), this will require less work within the applications. You could do something similar in an Apache Httpd + PHP setup (for example), using <code>SSLVerifyClient optional_no_ca</code>. Again, your PHP application could not rely on the certificate having been verified, so you would have to implement so verification there too. Don't do any of this unless you understand at which stage the certificate information you get has been verified.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POSSL Client Certificate authentication
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USCommunity
UserOwnerUserId
1. USBruno
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.