[pmwiki-users] security (again!)
James M
jamesm1415 at googlemail.com
Sat Mar 7 15:40:45 CST 2009
Thanks for the suggestion Guillermo. I copied your lines of code into
config.php and it makes no difference when I go to login.
Is there anthing I'm missing?
Thanks,
James
On Fri, Mar 6, 2009 at 6:51 PM, Guillermo Calderon - INCO <
calderon at fing.edu.uy> wrote:
> James M escribió:
> > It seems that the login pages on pmwiki are `en clair' (unencrypted - eg
> > not https). Is there any way around this, apart from hosting the whole
> > site on https ?
> > The IT guru who guards our servers at university is unhappy about having
> > pmwiki installed where passwords are transmitted without being encrypted.
> >
>
> In a previous message I wrote this:
>
> ===============
> I have implemented a simple solution where only passwords are sent
> via SSL and the other posts are sent via http.
>
> In config.php:
>
> SDVA($InputTags['auth_form'], array(
> ':html' => "<form
> action='https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}'
> method='post'
> name='authform'>\$PostVars"));
>
> This way the action field of the auth-form sends all the information
> via https.
> ============================
>
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.pmichaud.com/pipermail/pmwiki-users/attachments/20090307/9aca4647/attachment.html
More information about the pmwiki-users
mailing list