On Wed, May 12, 2004 at 11:46:30PM -0400, Steven J. Owens wrote:
> > >From: Nathan Maves [mailto:[EMAIL PROTECTED]
> > >
> > >I have been using the sercurityfilter by Max Cooper.
> > >
> > >I wanted to know the best way to incorporate SSL into the picture.
> > >What is the best way to ensure that the login page and submission
> > >action is encrypted?
I wrote:
> For something similar for our particular application, we asked
> the hosting service (eapps.com, we've been pretty happy with them) to
> configure something similar, but at the apache level. It's worked
> pretty nicely and reliably.
>
> If you're not using apache, or don't have access to those config
> files, the simple answer might be to set up a servlet filter that's
> mapped to the URL pattern "/*", and have it send back a client-side
> redirect, bouncing any non-SSL requests to the SSL version.
Doh! These two paragraphs got switched around, so the "something
similar" bit in the first paragraph makes no sense. To rephrase:
We asked the eapps.com support folks to set up an apache-level
redirect rule, that bounced any request to http://foo.com/bar over to
https://foo.com/bar.
--
Steven J. Owens
[EMAIL PROTECTED]
"I'm going to make broad, sweeping generalizations and strong,
declarative statements, because otherwise I'll be here all night and
this document will be four times longer and much less fun to read.
Take it all with a grain of salt." - Me at http://darksleep.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
