Thanks Olle - I understand now. Patrick: isn't this something that could/should be built in to pmwiki, or at least to AuthUser ?
Thanks, James On Sat, Mar 7, 2009 at 11:09 PM, Olle <[email protected]> wrote: > On Saturday 07 March 2009 22.40.45 James M wrote: > > Thanks for the suggestion Guillermo. I copied your lines of code into > > config.php and it makes no difference when I go to login. > > Is there anthing I'm missing? > > > > It probably works fine, it's just that you don't notice any difference. > Only > when you click on Login is your password sent through HTTPS. > > But, the login page itself should be fetched with HTTPS as well. Otherwise, > the user can't tell if the login form is an attempt to steal passwords, or > if > it's the Real Thing. > > So i suggest somehow changing the links and redirects that points to the > login > page, so that they str_replace http with https. I did something along those > lines with our student society's wiki, (by modifying the UserAuth2 recipe), > and it works... reasonably. Just like the rest of Pmwiki. ;-) > > /Olle Bergkvist > > > Thanks, > > James > > > > > > On Fri, Mar 6, 2009 at 6:51 PM, Guillermo Calderon - INCO < > > > > [email protected]> wrote: > > > James M escribió: > > > > It seems that the login pages on pmwiki are `en clair' (unencrypted - > > > > eg not https). Is there any way around this, apart from hosting the > > > > whole site on https ? > > > > The IT guru who guards our servers at university is unhappy about > > > > having pmwiki installed where passwords are transmitted without being > > > > encrypted. > > > > > > In a previous message I wrote this: > > > > > > =============== > > > I have implemented a simple solution where only passwords are sent > > > via SSL and the other posts are sent via http. > > > > > > In config.php: > > > > > > SDVA($InputTags['auth_form'], array( > > > ':html' => "<form > > > > > > action='https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}' > > > method='post' > > > name='authform'>\$PostVars")); > > > > > > This way the action field of the auth-form sends all the information > > > via https. > > > ============================ > > > > > > > > > _______________________________________________ > > > pmwiki-users mailing list > > > [email protected] > > > http://www.pmichaud.com/mailman/listinfo/pmwiki-users > > > > _______________________________________________ > pmwiki-users mailing list > [email protected] > http://www.pmichaud.com/mailman/listinfo/pmwiki-users >
_______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
