Sergej Zoubok wrote:
>
> It would be my first module to be released into the wild, but I'm
> certainly willing to give it a shot when things quiet down (late
> October). It's the least I could do for a community of folks I've never
> met but who have done so much for me over the years.
Thanks Sergej. Ask here for help or a peer review of your code, and I
think someone will assist you.
> Looking at the wiki I see that such a plugin should have at least the
> following features:
> -- ensure the entire C::A app can only be used via SSL if so
> desired/required
> -- identify only selected run modes to be secured
>
> Any other requests?
I think that's good enough for a 1.0 release.
> Also, there is apparently an issue with POST requests, which cannot be
> redirected without some probability (certainty?) of losing data. I need
> to research this to better understand the implications. If anyone has
> something to add on this, I'd appreciate it.
Although I'm not double-checking it now, I think POSTs cannot be
redirected as part of the spec. I think the appropriate response would
to return an error message at this point:
"A POST request was submitted to a page that must be accessed security.
The referring page should be adjusted to submit a version of this page
that starts with "https" rather than "http".
Mark
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/[email protected]/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
