Hi all;
I was reading the page Cookbook/SwitchToSSLMode.
There, a complex solution is described in order to "only actions where
passwords are likely to be passed are sent via SSL"
However, "The example assumes there are not read-protected pages, since
any 'read' passwords entered to view a page would be sent via a non-SSL
connection"
It sounds too restricted since (almost) every wiki has some
read-protected pages and groups.
I have implemented a very simple solution where only passwords are sent
via SSL and the other posts are sent via http.
In config.php:
SDVA($InputTags['auth_form'], array(
':html' => "<form
action='https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}'
method='post'
name='authform'>\$PostVars"));
This way the action field of the auth-form sends all the information
via https.
My question: does this solution really work?
(I think so, by I would like to be sure)
Guillermo
_______________________________________________
pmwiki-devel mailing list
pmwiki-devel@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
