Sourceforge has a bit on this, too. Basically, they have a checkbox that 
lets you drop out of SSL after you login, so your username and password 
aren't sent over the wire in plaintext. However, after that, everything is 
plaintext, no SSL at all. Useful if you want to keep your password safe 
during transmission, but it sucks that everything can't be encrypted.

I haven't had any problems yet myself, but I've included that option in the 
stuff I work on just in case. I'm using apache 1.3.22, PHP 4.1.1 and 
mod_ssl 1.3.22. Seems to work so far, at least. (Although getting Konqueror 
to work it under KDE 2.2.2 is another story...)


Michael Kimsal wrote:

> Wm wrote:
> We've worked with this several times - it's an issue with IE under
> Windows.  The claim is that it only affect 'high security' (SGP or
> something) but my own experience is that it's always affected.  IE
> just won't work right with SSL if the web server isn't IIS.  You pretty
> much have no choice but to live with it or move to IIS as a server
> platform.
> Michael Kimsal
> 734-480-9961
> aim:mgkimsal

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to