Hi Jospeh, > So, I've turned on the configuration flag that forces the user to use HTTPS > when they log in to DSpace; > > Should the rest of their session take place over an https connection or is it > safe for them to go back to regular http after they have logged in?
For most sites, it is considered safe to go back to http. You might want to consider securing a few other pages, such as the password change page. Thanks, Stuart Lewis Digital Development Manager Te Tumu Herenga The University of Auckland Library Auckland Mail Centre, Private Bag 92019, Auckland 1142, New Zealand Ph: +64 (0)9 373 7599 x81928 ------------------------------------------------------------------------------ Got Input? Slashdot Needs You. Take our quick survey online. Come on, we don't ask for help often. Plus, you'll get a chance to win $100 to spend on ThinkGeek. http://p.sf.net/sfu/slashdot-survey _______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech