We have a username/password form fields on the home page and the client does
not want these to be sent in clear text. We do have SSL running, but I am
trying to figure out how to tell the home page to redirect to the https by
default without going into a loop.
Thanks!
[Todays Threads]
[This
cfif cgi.server_port NEQ 443
cflocation
url="" /
/cfif
-Original Message-
From: stas [mailto:[EMAIL PROTECTED]
Sent: Monday, February 09, 2004 10:48 AM
To: CF-Talk
Subject: SSL redirect
We have a username/password form fields on the home page and
the client does
PROTECTED]
-Original Message-
From: stas [mailto:[EMAIL PROTECTED]
Sent: Monday, February 09, 2004 10:48 AM
To: CF-Talk
Subject: SSL redirect
We have a username/password form fields on the home page and the client does
not want these to be sent in clear text. We do have SSL running, but I am
: SSL redirect
You should be able to leave the form page non-ssl and just post the form
to
https.Improves performance/speed on the homepage without comprimising
security.
-Cameron
-
Cameron Childress
Sumo Consulting Inc
---
land:858.509.3098
cell:678.637.5072
aim:cameroncf
: Monday, February 09, 2004 11:48 AM
Subject: SSL redirect
We have a username/password form fields on the home page and the client
does
not want these to be sent in clear text. We do have SSL running, but I am
trying to figure out how to tell the home page to redirect to the https by
default
Yes.
However, end users don't normally know this.So, most sites will have the entry form ssl'd as well.
- Original Message -
From: Deanna Schneider [EMAIL PROTECTED]
Date: Monday, February 9, 2004 12:39 pm
Subject: Re: SSL redirect
Cameron,
So, if you post from non-ssl to ssl
1:37 PM
Subject: Re: SSL redirect
Yes.
However, end users don't normally know this.So, most sites will have the
entry form ssl'd as well.
- Original Message -
From: Deanna Schneider [EMAIL PROTECTED]
Date: Monday, February 9, 2004 12:39 pm
Subject: Re: SSL redirect
Cameron,
So
PROTECTED]
-Original Message-
From: Deanna Schneider [mailto:[EMAIL PROTECTED]
Sent: Monday, February 09, 2004 11:40 AM
To: CF-Talk
Subject: Re: SSL redirect
Cameron,
So, if you post from non-ssl to ssl, the posted data is still secure?
-Deanna (who will be dealing with this same issue
.
- Original Message -
From: [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Monday, February 09, 2004 12:37 PM
Subject: Re: SSL redirect
Yes.
However, end users don't normally know this.So, most sites will have the
entry form ssl'd as well.
- Original Message -
From
Thanks, Cameron - so if one were to use a protocol analyzer to read the post data, it'd be gibberish, right?
- Original Message -
From: Cameron Childress
To: CF-Talk
Sent: Monday, February 09, 2004 2:29 PM
Subject: RE: SSL redirect
You should be able to leave the form page non-ssl
Thanks, Cameron - so if one were to use a protocol analyzer
to read the post data, it'd be gibberish, right?
Yes, that's correct.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
[Todays Threads]
[This Message]
[Subscription]
[Fast
-
From: Dave Watts
To: CF-Talk
Sent: Monday, February 09, 2004 3:45 PM
Subject: RE: SSL redirect
Thanks, Cameron - so if one were to use a protocol analyzer
to read the post data, it'd be gibberish, right?
Yes, that's correct.
Dave Watts, CTO, Fig Leaf Software
[Todays Threads]
[This Message
, February 09, 2004 1:27 PM
To: CF-Talk
Subject: Re: SSL redirect
Argh... another problem.
After I do this - post fron unsecured page to SSLd page, my application is
doing a redirect - by design. If I redirect to a non-SSL page the browser
throws a dialogue box that might scare regular users
13 matches
Mail list logo