Posting on behalf of Andrew White, who has having some trouble posting to the list currently:
"If it's of any use to anyone, I have Mifos 1.1 installed with Apache + tomcat and use Apache 2 to force the user to an SSL session. While I signed cert from a cert authority that is recognized in most browsers is preferable, we were just testing and so have a self-signed cert. I set up Apache2 with mod_ssl as per the instructions here: http://sis36.berkeley.edu/projects/streek/howto/apache_2_0_49_mod_ssl-install.html and then in my document root, a simple .htaccess file to force the user to SSL: .htaccess contents: Options +FollowSymLinks RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} Seems to work fine. The user has to manually accept the self-signed cert. For a signed cert recognized by browsers, GeoTrust seems to have the lowest prices ($249 first year, $199/year thereafter). Hope this helps someone. -Andrew" On Fri, Sep 19, 2008 at 2:44 AM, Ryan Whitney <[EMAIL PROTECTED]> wrote: > > [...] > > My point is that Mifos is insecure "out of the box" and I may have > hijacked your point to make mine. > > What would be nice for me is to have SSL offered as a configuration option > when installing Mifos. One day I'll get around to putting in the time to > working out how to configure Tomcat for this. > > > I see now, that's an interesting idea. > > ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Mifos-functional mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/mifos-functional
