Andreas Hartmann wrote:
Markus Angst wrote:
Hi,
our SSL handling is a bit undetermined ATM (please correct me
if I'm wrong). We support to set and detect if a page should use
an SSL connection, and select the proxy based on this setting.
Some questions:
- If a page is requested using SSL, should all links from this
page to other internal pages also use an https:// URL? IMO yes.
I note that you write "requested using" and not "configured for" SSL.
Yes - I once had a discussion with a customer, and he stated that
it doesn't make sense to configure SSL per page.
Just think about data sheets of employees with salaries included, etc.
Once a user
requests a page using SSL, she expects that the subsequent pages
are served using SSL as well. Not sure if this principle is
universally valid, though.
I don't think that really makes (whereas it also doesn't hurt probably),
whereas I think it makes sense if the SSL could be inherited, such that
whole areas can be flagged as SSL, but I don't know if Lenya does
support this functionality.
Cheers
Michael
What do you mean by "internal"? Internal to Lenya, the publication or to
a usecase?
I meant internal to Lenya, but this is subject to discussion.
This means that a user can switch to https whenever he/she wants.
Yes, at least this is what my customer required.
After
a few clicks ("from https to https"), you might end up with a URL that
cannot be served.
Why would that be the case?
Not sure about this, but I guess that most of the times internal links
are absolute only when Lenya proxying is in effect??
AFAIK most links are resolved to absolute URLs ATM.
- Should we support to configure SSL for usecases?
At least for the login usecase (and probably some more; e.g. custom made
ones) this would make sense.
OK.
Thanks for your comments!
-- Andreas
--
Michael Wechner
Wyona - Open Source Content Management - Apache Lenya
http://www.wyona.com http://lenya.apache.org
+41 44 272 91 61
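The two rules discussed in this thread (internal links from a page requested over SSL stay on https, and an SSL flag set on an area is inherited by everything below it) can be combined in one link rewriter. This is an added example, not code from the thread or from Lenya; the host name, the `SSL_AREAS` list and all function names are assumptions made for illustration, and the site is assumed to be served on the default ports behind its proxy.

```python
from urllib.parse import urljoin, urlsplit, urlunsplit

# Constructed sample configuration: areas flagged as SSL (hypothetical paths).
SSL_AREAS = ["/intranet/hr"]


def requires_ssl(path, ssl_areas=SSL_AREAS):
    """True if path is an SSL-flagged area or lies below one (inheritance)."""
    p = path.rstrip("/") or "/"
    for area in ssl_areas:
        a = area.rstrip("/") or "/"
        # Match on whole path segments so /intranet/hrx does not inherit
        # the flag of /intranet/hr.
        if a == "/" or p == a or p.startswith(a + "/"):
            return True
    return False


def link_scheme(request_scheme, target_path, ssl_areas=SSL_AREAS):
    """Scheme for an internal link: configured areas force https, and a
    request that arrived over https is never downgraded to http."""
    if requires_ssl(target_path, ssl_areas):
        return "https"
    return "https" if request_scheme == "https" else "http"


def rewrite_link(request_url, href, internal_hosts, ssl_areas=SSL_AREAS):
    """Resolve href against the requested page and pick its scheme.
    External and non-HTTP links are returned unchanged."""
    req = urlsplit(request_url)
    target = urlsplit(urljoin(request_url, href))
    if target.scheme not in ("http", "https"):
        return href
    if target.hostname not in internal_hosts:
        return href
    scheme = link_scheme(req.scheme, target.path or "/", ssl_areas)
    return urlunsplit(
        (scheme, target.netloc, target.path, target.query, target.fragment)
    )


if __name__ == "__main__":
    hosts = {"cms.example.org"}  # constructed host name
    print(rewrite_link("https://cms.example.org/index.html", "/about.html", hosts))
    print(rewrite_link("http://cms.example.org/index.html",
                       "/intranet/hr/salaries.html", hosts))
```
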