[pmwiki-devel] question about Cookbook/SwitchToSSLMode
Guillermo Calderon - INCO
calderon at fing.edu.uy
Tue Nov 25 10:37:57 CST 2008
Hi all;
I was reading the page Cookbook/SwitchToSSLMode.
There, a complex solution is described in order to "only actions where
passwords are likely to be passed are sent via SSL"
However, "The example assumes there are not read-protected pages, since
any 'read' passwords entered to view a page would be sent via a non-SSL
connection"
It sounds too restricted since (almost) every wiki has some
read-protected pages and groups.
I have implemented a very simple solution where only passwords are sent
via SSL and the other posts are sent via http.
In config.php:
SDVA($InputTags['auth_form'], array(
':html' => "<form
action='https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}'
method='post'
name='authform'>\$PostVars"));
This way the action field of the auth-form sends all the information
via https.
My question: does this solution really work?
(I think so, by I would like to be sure)
Guillermo
More information about the pmwiki-devel
mailing list