Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am building a iPhone web based app for our execs to view sales data. The app goes over SSL with a typical login page that sets a cookie for the day.
Since the info is sensitive and we have a VPN at work I was hoping as a double precaution I could send all communications with this app over our VPN.
Is there a way I can route traffic over the VPN only for a specific URL? Does anyone have any more info on the “Send All Traffic” in the VPN configuration
Thanks
The app has very little control over the VPN. A properly configured HTTPS site (particularly employing bi-directional certificates) will give you the kind of protection you’re looking for your application.
That said, I strongly advocate that business users send all data over the VPN in all cases. This eliminates a wide variety of attacks and provides the opportunity for additional monitoring and protection. Thus, I generally recommend using the “Send All Traffic” VPN configuration. This would allow you to move the app entirely internal, so that outsiders cannot access the login page.