I mentioned about the approaches as once I discussed with close contact who run serious application e.g. internet banking, advised the switching should be avoided. It may induce some problems due to secured http switching or someone could make a mistake and thus exposed the confidentiality risks, if i could recall. May be it just too pessimistic. Any way, appreciate your explanation about the binding. Just curious how much apache configuration is affected, e.g. is redirect good enough.
Cheers Cheong Hee On Tue, May 4, 2010 at 6:14 PM, David Griffith <[email protected]>wrote: > Hi Cheong, > > Yes that's what it does. Regarding which is the better practice, I don't > think it makes a huge difference but it might depend a bit on what you are > doing. For example, I am using one app but parts of that app (like where > the client logs in and gives account details etc.) uses SSL security. So > when the client clicks any link to go to that page, it has the binding > secure=true and when they click it the URL that they are directed to is > automatically changed to https://. If they click a link to go back to the > home page etc. it usually has secure=false and returns to standard http:// > . > > Regards, > David. > > On May 4, 2010, at 11:48 AM, Cheong Hee wrote: > > Is the component binding secure=true supposed to switch the url from http > -> https, and then by clicking on the component with binding secure=false it > will switch it back from https -> http? > If so, what will be the better practice : one secure app and one non-secure > app, or one app to switch secure/non-secure? > Sorry for interruption and don't mean to hijack.. > > Cheers > > Cheong Hee > > ----- Original Message ----- From: "David Griffith" < > [email protected]> > To: "WebObjects-Dev Mailing List List" <[email protected]> > Sent: Tuesday, May 04, 2010 5:12 PM > Subject: Re: secure binding > > > Hi Chuck, > > Yes, am using 5.4.3 and Wonder. It does look like an Apache issue, I was > wondering if it could be that. I'll ask the server guys to have a look and > see if they can change it. > > Thanks all for your comments, > > Regards, > David. > > On May 4, 2010, at 3:20 AM, Chuck Hill wrote: > > > On May 3, 2010, at 2:26 PM, David Griffith wrote: > > > Hi all, > > > > When you click certain buttons on my website, I want a secure URL > returned. I have set the secure=true binding and the page does get returned > using the https:// url instead of http:// but I have a question. It's not > so much of a problem as an inconsistency. > > I recall that being a bug in earlier 5.4 versions, is it not fixed in > 5.4.3? Are you using Wonder? I think that was fixed somewhere. > > > > If you go to the website http://www.mydomain.com and click around the > non-secure area, it will show the URL always as http://www.mydomain.com. > As soon as it goes to a secure URL, it displays as > https://mydomain.com(without the www in front). > > > > Does anyone know where this is generated from? > > I'd guess from the virtual host in Apache. Possibly with an incorrect DNS > record somewhere. > > > > It is clearly setting the value from somewhere. Perhaps it has something > to do with my adaptor URL? In the JavaMonitor page is says to specify the > full URL to the adaptor but I have always just used /app/WebObjects as I use > the same adaptor for various apps running on different domains. Would it be > related to that? > > I'd doubt it. > > > > I would just like it to come back with https://www.mydomain.com instead > as once it changes to the URL with the www, it stays that way. > > > > Any insight would be appreciated :) > > > Check the Apache config, then check the headers coming into your > application. > > > Chuck > > > -- > Chuck Hill Senior Consultant / VP Development > > Practical WebObjects - for developers who want to increase their overall > knowledge of WebObjects or who are trying to solve specific problems. > http://www.global-village.net/products/practical_webobjects > > > > > > > > > _______________________________________________ > Do not post admin requests to the list. They will be ignored. > Webobjects-dev mailing list ([email protected]) > Help/Unsubscribe/Update your Subscription: > http://lists.apple.com/mailman/options/webobjects-dev/chng34%40gmail.com > > This email sent to [email protected] > > _______________________________________________ > Do not post admin requests to the list. They will be ignored. > Webobjects-dev mailing list ([email protected]) > Help/Unsubscribe/Update your Subscription: > http://lists.apple.com/mailman/options/webobjects-dev/chng34%40gmail.com > > This email sent to [email protected] >
_______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to [email protected]
