>===== Original Message From "Ian Wells" <[EMAIL PROTECTED]> ===== >To my limited knowledge it looks as though there is no security, the access >is all over http rather than https. >Does this also mean that the password is sent unencrypted?
Yes, if you went to http://www.server.xxx/webcal No, if you went to https://www.server.xxx/webcal >This is not an immediate worry as it won't have sensitive information in my >case, but how easy would it be to change this? >Is it just a case of adding "RequireSSL on" to the httpd.conf? You could do that or just access webcal on https. The links on webcal's config file are not complete urls. It's not http(s)://www.server.com/webcal http(s)://www.server.com/webcal/webcal.cgi It is /webcal /webcal/webcal.cgi If you have people accessing it from another page, just make an https link, or you can also edit the index.shtml file to refresh/redirect/exec https://www.server.xxx/webcal/webcal.cgi Placido Sanchez [EMAIL PROTECTED] [EMAIL PROTECTED] www.geocities.com/lapsch -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
