We do what Steve suggests (Apache/SSL in front of 4D). It isn't that hard to set up and allows us to share SSL support across both static and dynamic content (A4D and others). Chris may want to ask the Nug for help or contact 4D Tech Support.
There may also be some info at kb.4d.com (there a number of SSL related articles) Brad Perkins On 1/18/12 2:10 PM, "Steve Alex" <[email protected]> wrote: > >On Jan 18, 2012, at 12:19 PM, Christian Cypert wrote: > >> Just a quick question as I think I know the answer, but we are >>investigating adding SSL to our product. This is the first time I've >>even looked into SSL and just want to make sure I have all the bases >>covered. >> >> From what I understand it's basically all on the 4D side of things that >>we need to get things working as far as making sure SSL is turned on and >>the certificates and all. I really shouldn't have to do anything on the >>Active4D side (we are using the 4D web server). We do allow uploads so >>would I need to modify any code there? > >SSL is a strange beast on 4D. At my last real job, we could never get it >to work on 4D, but I can't remember all the details (one was we used a 4D >client as the webserver). Most Active4D SSL implementations use Apache, >NginX or another REAL webservers as a front end to 4D/Active4D and create >a proxy pass to a high port number (e.g., 8080) The certificates are >then placed someplace and the configuration file of the web server takes >care of the of finding them and the encryption and decryption. > >One of the reasons was having to run 4D as root to server port 80 and 443 >and how screwed up 4D setup was for ssl. That may have improved. I >realize that adding the front end web server would add more configuration >problems for you, so I guess you should try it with 4D. As far as >Active4D is concerned, the are no differences, it get stuff after >decryption and send it out plain html and 4D or the proxy do the >encryption. HTTPS adds very little overhead and uploads using SSL was no >problem. > >I'd suggest asking the Active4D list if anyone is using SSL with just 4D >and what you have to do or watch out for. Remember that 4D will only >talk about using their tag input. > >Steve > > >_______________________________________________ >Active4D-dev mailing list >[email protected] >http://list.aparajitaworld.com/listinfo/active4d-dev >Archives: http://vasudev.aparajitaworld.com/archive/active4d-dev/ _______________________________________________ Active4D-dev mailing list [email protected] http://list.aparajitaworld.com/listinfo/active4d-dev Archives: http://vasudev.aparajitaworld.com/archive/active4d-dev/
