HTTPS Will contain the text "on" if the connection is using SSL/TLS, or "off" otherwise. (This variable can be safely used regardless of whether or not mod_ssl is loaded).
-----Original Message----- From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Hartjes Sent: 31. december 2007 17:49 To: [email protected] Subject: Re: Require SSL for entire site? On Dec 31, 2007 11:39 AM, Bryan Encina <[EMAIL PROTECTED]> wrote: > > Is there anything within the cakephp framework to insure viewers are > using https vs normal http? What would be the best way of > implementing this? Would modifying the app_controller class with a > check for $_SERVER['HTTPS'] and then redirecting based on that be the > best solution? > Well, if you did want to do that sort of thing you could put it in a beforeFilter() method in app_controller, but can you really trust the contents of $_SERVER['HTTPS'] to be correct? If I understand correctly, that info can be spoofed along with lots of other $_SERVER values. Also, can't you limit access to stuff via the web server itself? I may be ignorant about setting up https in Apache, but it seems to make sense that you could say 'https uses code sitting over here while http uses stuff over there'. -- Chris Hartjes My motto for 2007: "Just build it, damnit!" @TheKeyboard - http://www.littlehart.net/atthekeyboard --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
