[pmwiki-users] security (again!)
Guillermo Calderon - INCO
calderon at fing.edu.uy
Fri Mar 6 12:51:09 CST 2009
James M escribió:
> It seems that the login pages on pmwiki are `en clair' (unencrypted - eg
> not https). Is there any way around this, apart from hosting the whole
> site on https ?
> The IT guru who guards our servers at university is unhappy about having
> pmwiki installed where passwords are transmitted without being encrypted.
>
In a previous message I wrote this:
===============
I have implemented a simple solution where only passwords are sent
via SSL and the other posts are sent via http.
In config.php:
SDVA($InputTags['auth_form'], array(
':html' => "<form
action='https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}'
method='post'
name='authform'>\$PostVars"));
This way the action field of the auth-form sends all the information
via https.
============================
More information about the pmwiki-users
mailing list