On Jan 18, 2012, at 12:19 PM, Christian Cypert wrote: > Just a quick question as I think I know the answer, but we are investigating > adding SSL to our product. This is the first time I've even looked into SSL > and just want to make sure I have all the bases covered. > > From what I understand it's basically all on the 4D side of things that we > need to get things working as far as making sure SSL is turned on and the > certificates and all. I really shouldn't have to do anything on the Active4D > side (we are using the 4D web server). We do allow uploads so would I need to > modify any code there?
SSL is a strange beast on 4D. At my last real job, we could never get it to work on 4D, but I can't remember all the details (one was we used a 4D client as the webserver). Most Active4D SSL implementations use Apache, NginX or another REAL webservers as a front end to 4D/Active4D and create a proxy pass to a high port number (e.g., 8080) The certificates are then placed someplace and the configuration file of the web server takes care of the of finding them and the encryption and decryption. One of the reasons was having to run 4D as root to server port 80 and 443 and how screwed up 4D setup was for ssl. That may have improved. I realize that adding the front end web server would add more configuration problems for you, so I guess you should try it with 4D. As far as Active4D is concerned, the are no differences, it get stuff after decryption and send it out plain html and 4D or the proxy do the encryption. HTTPS adds very little overhead and uploads using SSL was no problem. I'd suggest asking the Active4D list if anyone is using SSL with just 4D and what you have to do or watch out for. Remember that 4D will only talk about using their tag input. Steve _______________________________________________ Active4D-dev mailing list [email protected] http://list.aparajitaworld.com/listinfo/active4d-dev Archives: http://vasudev.aparajitaworld.com/archive/active4d-dev/
