Andreas Hartmann wrote:

Michael Wechner wrote:
Andreas Hartmann wrote:

Markus Angst wrote:


Hi,

our SSL handling is a bit undetermined ATM (please correct me
if I'm wrong). We support setting and detecting whether a page should use
an SSL connection, and select the proxy based on this setting.

Some questions:

- If a page is requested using SSL, should all links from this
page to other internal pages also use an https:// URL? IMO yes.

I note that you write "requested using" and not "configured for" SSL.

Yes - I once had a discussion with a customer, and he stated that
it doesn't make sense to configure SSL per page.

Just think about data sheets of employees with salaries included, etc.

Sorry, my wording was not correct. It has to be possible to switch
to SSL for certain pages, but according to him the subsequent pages
should be served using SSL too.

What do you mean by subsequent? Subsequent clicks? (I guess when using relative paths then these will also be SSL)

When one is using absolute paths then I guess SSL should only be used when the flag is set to true.

Also one needs to be aware of the difficulty of absolute paths behind a proxy.

Cheers

Michael


Once a user
requests a page using SSL, she expects that the subsequent pages
are served using SSL as well. Not sure if this principle is
universally valid, though.


I don't think that really makes sense (whereas it also doesn't hurt probably),
whereas I think it makes sense if the SSL could be inherited, such that
whole areas can be flagged as SSL, but I don't know if Lenya does
support this functionality.

AFAIK the setting of the SSL checkbox is inherited, you can't disable
SSL on a descendant of an SSL-encrypted page.

-- Andreas




--
Michael Wechner
Wyona      -   Open Source Content Management   -    Apache Lenya
http://www.wyona.com                      http://lenya.apache.org
[EMAIL PROTECTED]                        [EMAIL PROTECTED]
+41 44 272 91 61

