Andreas Hartmann wrote:
> Hi Lenya devs,
>
> virtually every proxy setup redirects the login usecase to https:
>
> # Redirect the login usecase to https
> RewriteCond %{QUERY_STRING} (.*)lenya\.usecase=ac\.login(.*)
> RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
>
> Maybe it would make sense to let Lenya do this?
>
> <usecase id="ac.login" ssl="true">
> <role id="session" method="grant"/>
> </usecase>

nice idea in principle, but...

> Another question is if requiring SSL should (optionally?) be inherited
> to sub-pages. I wanted to configure the docu publication to require SSL
> for all authoring+archive+trash pages, but ATM this would mean to click
> the SSL checkbox manually for every single page. IMO it would be nice if
> we could enable SSL for complete areas.

hmm. it's quite trivial to force ssl for a whole area with a rewrite
rule. and since ssl and proxies are somewhat intertwined, why not leave
it at that rather than introduce new complication?

i would be ok with a usecase that does recursive ssl enabling by
actually checking the ssl flag of every subpage (sort of an auto-click
:), but we should not introduce inheritance and complicated lookup
mechanisms.

there's the potentially dangerous situation when a page that should have
ssl (and was in an ssl subtree) gets moved out of it and loses ssl
protection - too many subtle pitfalls imho.

regards,
jörn
--
Jörn Nettingsmeier
"One of my most productive days was throwing away 1000 lines of code."
- Ken Thompson.
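
An added illustration of the move pitfall raised in the reply above (not part of the original mail and not Lenya code): a constructed toy page tree in Python that compares an inherited SSL lookup with per-page flags set recursively, when a page is moved out of the SSL subtree. The names `Page`, `requires_ssl_inherited`, `enable_ssl_recursive` and `move_out_of_ssl_subtree` are hypothetical.

```python
# Constructed toy model of a site tree; not Lenya's document model or API.
class Page:
    def __init__(self, name, ssl=False):
        self.name, self.ssl = name, ssl   # ssl = the per-page "SSL checkbox"
        self.parent, self.children = None, []

    def add(self, child):
        """Attach child here, detaching it from its old parent (a move)."""
        if child.parent is not None:
            child.parent.children.remove(child)
        child.parent = self
        self.children.append(child)
        return child


def requires_ssl_inherited(page):
    """Inheritance lookup: SSL is required if the page or any ancestor is flagged."""
    while page is not None:
        if page.ssl:
            return True
        page = page.parent
    return False


def enable_ssl_recursive(page):
    """The "auto-click" usecase: set the flag on the page and every subpage."""
    changed, stack = 0, [page]
    while stack:
        node = stack.pop()
        changed += not node.ssl           # count pages whose flag was newly set
        node.ssl = True
        stack.extend(node.children)
    return changed


def move_out_of_ssl_subtree(inherit):
    """Return (SSL required before the move, SSL required after the move)."""
    root = Page("root")
    secure, public = root.add(Page("secure")), root.add(Page("public"))
    doc = secure.add(Page("doc"))
    if inherit:
        secure.ssl = True                 # one flag, resolved by ancestor lookup
        check = requires_ssl_inherited
    else:
        enable_ssl_recursive(secure)      # every page carries its own flag
        check = lambda p: p.ssl
    before = check(doc)
    public.add(doc)                       # an editor moves the page elsewhere
    return before, check(doc)
```

With `inherit=True` the moved page silently stops requiring SSL; with explicit per-page flags the requirement travels with the page.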