Certificate error when redirecting http://localhost to https://localhost

On IE, after the certificate error page is shown, clicking "Continue ..." link doesn't work.

• "http://localhost" is by default is assigned to "Locked-down Local Machine Zone" by Windows (later than XP SP2)
• When "http://localhost/" is redirected to "https://localhost/", IE detect server SSL certificate error and shows an error page. 
• This error page is internally has URL "res://ieframe.dll/invalidcert.htm?SSLError=50331648#http://localhost/" and is considered to be in "Internet Zone".
• "Locked-down Local Machine Zone" by default doesn't allow navigation into its zone from a less privileged zone (e.g. "Internet zone"). Thus clicking continue button is ignored.

Workaround for this problem

• Acces "https://localhost/". "https://localhost" is by default considered "Local Intranet zone" thus navigating from "res://ieframe" is possible.
• Access "http://127.0.0.1/". "http://127.0.0.1/" is by default considered "Internet zone" thus navigating from "res://ieframe" is possible.
• Add "http://localhost" to "Trusted Zone". "Trusted Zone" allows navigation from "Internet Zione" thus navigating from "res://ieframe" is possible. 
• Using Group policy editor (gpedit.msc), edit User Configuration - Administrative Templates - Windows Components - Internet Explorer - Internet Control Panel - Security Page - Locked-down Local Machine Zone, and set "Web sites in less privileged Web content zones can navigate into this zone" to Enabled (don't forget to set the Options part inside the dialog to "Enabled" too).

Notes: Adding "http://localhost" to "Trusted zone" (or any other zones) internally remove it from "Locked-down Local Machine Zone". If "http://localhost" is afterwards removed from "Trusted zone", it will no longer explicitly bound to any zone and will be considered to belong to "Internet zone". Thus the problem reported here won't reappear after the removal.

Installing SSL Certificate

Installing certificate on server

• http://www.globalsign.com/support/install/install_iis7.php
• Multiple common names for certificate using Self-SSL

Installing certificate on clients

• http://www.mclnet.co.jp/tech/other/ssl-crt-install.html
• http://blogs.technet.com/b/sbs/archive/2008/05/08/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista.aspx

MVC custom authorization and jQuery redirect

http://beckelman.net/post/2010/04/01/Custom-ASPNET-MVC-Authorization-Attribute-For-Ajax-Requests.aspx
http://blogs.msdn.com/b/rickandy/archive/2011/05/02/securing-your-asp-net-mvc-3-application.aspx

Tuning jQuery: http://www.artzstudio.com/2009/04/jquery-performance-rules/

Memory leak: http://stackoverflow.com/questions/1462649/jquery-memory-leak-with-dom-removal

Cryptography

Shared-key encryption

• c = Enc(key, msg) ----(c)---- msg = Dec(key, c)

Shared-key signature

• m,a = h(key, m) ----(m,a)---- m,a =? h(key, m) 

Public-key encryption

• c = Enc(P-recv, m) ----(c)---- m=Dec(S-recv,m)

Public-key signature

• m,a = f(S-send, m) ----(m,a)---- m,a =? g(P-send,m)

Certificate is basically a message signatured by a Certificate Authority (CA)

• m,a = f(S-CA, m) ----(m,a)---- m,a =? g(P-CA, m)

SSH see a good summary at http://aperiodic.net/phil/ssh/

• Host sends its public key to client for authentication
• Key authentication
• Client generate public-private key pair
• public key is sent to Host
• Client doesn't need password anymore (it needs to input passphrase for accessing the private key though)
• ssl-agent is used to remember the passphrase so that client can log into host without being asked anything
• Sequence for Key authentication
• Client connect to Server
• Server returns a 'challenge'
• Client create an 'authenticator' from the challenge and its private key, and send it back to Server
• Server check the 'authenticator' using the Client's public key
• SSH-Transport layer uses Key Exchange algorithm
• One example is here: http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

Jargon of terms: http://identityaccessman.blogspot.com/

COM and ATL

Converting CComSafeArray to VARIANT

Summary of Window Features

http://msdn.microsoft.com/en-us/library/windows/desktop/ms632599(v=vs.85).aspx

prototype to jQuery

new Element -> $elem(...)
element.getDimensions() -> $dimensions(element)
element.className = -> $j(element).{has,add,remove}Class
element.addClassName(...) -> $j(element).addClass(...)
element.setStyle(...) -> $j(element).css(...)
element.select(selector) -> $j(selector, element)
$(element).readAttribute(..) -> $j(element).attr(...)
element.show -> $j(element).show()
element.hide -> $j(element).hide()
array.last() -> array[array.length-1]
array.clear() -> array.length=0

OAuth

• OAuth 2.0 protocol Draft: http://tools.ietf.org/pdf/draft-ietf-oauth-v2-12.pdf
• Facebook: http://developers.facebook.com/docs/authentication/

Let's make web faster

http://code.google.com/speed/

Spdy: http://www.chromium.org/spdy

Other techniques

• Keep-alive
• Http Pipelining
• WebSockets

Condor

* Condor week 2007