Thanks Olle - I understand now.<div><br></div><div>Patrick: isn't this something that could/should be built in to pmwiki, or at least to AuthUser ?</div><div><br></div><div>Thanks, James</div><div><br><br><div class="gmail_quote">
On Sat, Mar 7, 2009 at 11:09 PM, Olle <span dir="ltr"><<a href="mailto:ollebe@student.chalmers.se">ollebe@student.chalmers.se</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On Saturday 07 March 2009 22.40.45 James M wrote:<br>
> Thanks for the suggestion Guillermo. I copied your lines of code into<br>
> config.php and it makes no difference when I go to login.<br>
> Is there anthing I'm missing?<br>
><br>
<br>
</div>It probably works fine, it's just that you don't notice any difference. Only<br>
when you click on Login is your password sent through HTTPS.<br>
<br>
But, the login page itself should be fetched with HTTPS as well. Otherwise,<br>
the user can't tell if the login form is an attempt to steal passwords, or if<br>
it's the Real Thing.<br>
<br>
So i suggest somehow changing the links and redirects that points to the login<br>
page, so that they str_replace http with https. I did something along those<br>
lines with our student society's wiki, (by modifying the UserAuth2 recipe),<br>
and it works... reasonably. Just like the rest of Pmwiki. ;-)<br>
<font color="#888888"><br>
/Olle Bergkvist<br>
</font><div><div></div><div class="h5"><br>
> Thanks,<br>
> James<br>
><br>
><br>
> On Fri, Mar 6, 2009 at 6:51 PM, Guillermo Calderon - INCO <<br>
><br>
> <a href="mailto:calderon@fing.edu.uy">calderon@fing.edu.uy</a>> wrote:<br>
> > James M escribió:<br>
> > > It seems that the login pages on pmwiki are `en clair' (unencrypted -<br>
> > > eg not https). Is there any way around this, apart from hosting the<br>
> > > whole site on https ?<br>
> > > The IT guru who guards our servers at university is unhappy about<br>
> > > having pmwiki installed where passwords are transmitted without being<br>
> > > encrypted.<br>
> ><br>
> > In a previous message I wrote this:<br>
> ><br>
> > ===============<br>
> > I have implemented a simple solution where only passwords are sent<br>
> > via SSL and the other posts are sent via http.<br>
> ><br>
> > In config.php:<br>
> ><br>
> > SDVA($InputTags['auth_form'], array(<br>
> > ':html' => "<form<br>
> ><br>
> > action='https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}'<br>
> > method='post'<br>
> > name='authform'>\$PostVars"));<br>
> ><br>
> > This way the action field of the auth-form sends all the information<br>
> > via https.<br>
> > ============================<br>
> ><br>
> ><br>
> > _______________________________________________<br>
> > pmwiki-users mailing list<br>
> > <a href="mailto:pmwiki-users@pmichaud.com">pmwiki-users@pmichaud.com</a><br>
> > <a href="http://www.pmichaud.com/mailman/listinfo/pmwiki-users" target="_blank">http://www.pmichaud.com/mailman/listinfo/pmwiki-users</a><br>
<br>
<br>
<br>
_______________________________________________<br>
pmwiki-users mailing list<br>
<a href="mailto:pmwiki-users@pmichaud.com">pmwiki-users@pmichaud.com</a><br>
<a href="http://www.pmichaud.com/mailman/listinfo/pmwiki-users" target="_blank">http://www.pmichaud.com/mailman/listinfo/pmwiki-users</a><br>
</div></div></blockquote></div><br></div>