I'm not as expert in cryptology, but many of the use cases you write below somehow don't seem right to me.
> 1. A page has information that needs to be secure, i.e. demographic > information, billing information. This information can be accessed from a > non-secured page, i.e. home page Is the page secured, or is it not? If you access secured information through a non-secured page, then the info is no longer secured. > 2. Submitting a form has to be secure, i.e. login information, demographics > information > > This can be from a non-secure page (login home page) or secure-page > (demogaphics page). Not sure how to do this without the proposed refactor > (doPostPrepend()) since the URL generation is encapsulated and final. Same thing. If you're submitting information via http, then it's no loner secured. You need to submit via https, with all the ssl/tls caveats in place, for it to be secured. > 3. When on a secure page, link to a non-secure page (from demographics > page to company info) Sure, that's not a problem. Just use an ExternalLink. What Eelco writes seems to make sense to me. I think you need to consider the http and https versions conceptually as two separate apps, or else you'll run into a lot of trouble. Cheers, Dave --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
