[Date Prev][Date Next][Thread Prev][Thread Next][Interchange by date ][Interchange by thread ]

[ic] AlwaysSecure is not working

Subject: [ic] AlwaysSecure is not working
From: interchange-users@interchange.redhat.com (Kyle Cook)
Date: Mon Feb 25 18:17:00 2002
In-reply-to: <3C7A6CB3.A1F1D265@blackpoint.de>

At 08:56 AM 2/25/02, you wrote:
>Hi List,
>
>since IC Version 4.6.5 and IC 4.8.3,
>
>3.4. AlwaysSecure
>-----------------
>
>Determines whether checkout page operations should always be secure.
>Set it to the pages that should always be secure, separated by spaces
>and/or tabs.
>
>    AlwaysSecure    ord/checkout
>
>is not working. Am I missing somethings?
>
>In normal case, if I call
>
>http://www.mydomain.com/cgi-bin/myshop/ord/checkout
>
>it should be secure by IC automatically. But why is that not working
>with IC? MV make this right!
>
>Any tips, hints and suggestions are very welcomes.
>
>Thanks!
>
>Joachim

Joachim,

If you use area and page tags and set AlwaysSecure then the url is built to 
be secure.

To have IC "switch to secure" would require a redirect to the browser after the
browser requested an unsecure page.

Technically it would be possible to redirect GET, but not possible to 
redirect POST.

But there still remains the problem that the first call to an unsecure page 
passes
all information insecurely before any redirect could be done.

The best course is to use area and page tags!

Kyle Cook

Follow-Ups:
- [ic] AlwaysSecure is not working
  - From: interchange-users@interchange.redhat.com (Joachim Leidinger)

References:
- [ic] AlwaysSecure is not working
  - From: interchange-users@interchange.redhat.com (Joachim Leidinger)

Prev by Date: [ic] AlwaysSecure is not working
Next by Date: [ic] AlwaysSecure is not working
Previous by thread: [ic] AlwaysSecure is not working
Next by thread: [ic] AlwaysSecure is not working
Index(es):
- Date
- Thread