[RESOLVED] Security

Published: September 21, 2018 - 2:56 PM
by Smart
Hello,

I have a WAPT server that is currently being installed on client machines. I would like to know:
- If someone were to create a second WAPT server, could they intercept the packets (server data, etc.)?
- Is there a way to secure a WAPT package (in the Python code)?

Thank you in advance for your answers, keep up the good work.

Sincerely

Re: Security

Published: September 21, 2018 - 6:33 PM
by dcardon
Hello Smarty,
> Futé wrote: Sep 21, 2018 - 2:56 PM
> I have a WAPT server that is being installed on client machines. I would like to know:
> - If someone were to create a second WAPT server, could they intercept the packets (server data, etc.)?

The data streams are HTTPS by default. If you have configured a valid SSL certificate, the connection is as secure as your HTTPS connection to any HTTPS site (and it can be pinned). If you have a self-signed HTTPS certificate, you can have a man-in-the-middle attack, just like with any HTTPS connection. If you have a fake (unpinned) certificate, the communications can therefore be viewed.

However, even with a self-signed certificate, an attacker cannot install a malicious package because the packages themselves are signed. Finally, there is good documentation to read (see below); if you have a very specific question, please read it and point out where it needs clarification.

> Futé wrote: Sep 21, 2018 - 2:56 PM
> - Is there a way to secure a WAPT package (in Python code)?

There is an extensive description of WAPT's security principles in the documentation:
https://www.wapt.fr/fr/doc/PrincipesSec ... ciple.html

For your information, version 1.5.0.13 has obtained CSPN certification from ANSSI [1]. While this cannot guarantee that there are no security bugs, it still means that people have looked into it and thoroughly examined it.

Sincerely,

Denis

[1] https://www.ssi.gouv.fr/entreprise/cert ... -1-5-0-13/

Re: Security

Published: September 24, 2018 - 1:27 PM
by Smart
Wow! Thank you so much for your reply. :) It's very thorough.

Best regards

Re: [RESOLVED] Security

Published: September 24, 2018 - 5:45 PM
by sfonteneau
To be precise, the contents of a WAPT package are not sensitive.

Anyone can read the contents of a WAPT package.

If you wish to protect the contents of a WAPT package, you can do so by encrypting the sensitive data with the public certificate of each machine.

Example:
https://wapt.lesfourmisduweb.org/detail ... 4_all.wapt
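
Added example, not part of the original thread and not WAPT's own API: a sketch of the approach described in the last post, encrypting a secret so that only the machines whose certificates were used can read it, even though the package itself is readable by anyone. It assumes RSA machine certificates and the generic Python `cryptography` library; the hostnames, the secret and the helper names are constructed for illustration.

```python
# Added example: generic `cryptography` calls, not WAPT's own API.
import datetime
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.fernet import Fernet

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def make_machine(hostname):
    """Constructed stand-in for one machine's private key and self-signed certificate."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=365))
            .sign(key, hashes.SHA256()))
    return key, cert

def encrypt_for_machines(secret, certs):
    """Encrypt the secret once with a random data key, then wrap that key
    with the public key of each machine certificate (hybrid encryption)."""
    data_key = Fernet.generate_key()
    token = Fernet(data_key).encrypt(secret)
    wrapped = {}
    for cert in certs:
        cn = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
        wrapped[cn] = cert.public_key().encrypt(data_key, OAEP)
    # Only ciphertext goes into the package; no key material is shipped in clear.
    return {"token": token, "wrapped_keys": wrapped}

def decrypt_on_machine(blob, hostname, private_key):
    """On the client: unwrap the data key with the machine's private key."""
    data_key = private_key.decrypt(blob["wrapped_keys"][hostname], OAEP)
    return Fernet(data_key).decrypt(blob["token"])

if __name__ == "__main__":
    k1, c1 = make_machine("pc-01.example.lan")
    k2, c2 = make_machine("pc-02.example.lan")
    blob = encrypt_for_machines(b"constructed-secret", [c1, c2])
    print(decrypt_on_machine(blob, "pc-01.example.lan", k1))
```

A machine whose certificate was not in the list, or one that tries another machine's wrapped key, cannot recover the data key and decryption raises `ValueError`.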