Interchange Developer Resource
[Date Prev][Date Next][Thread Prev][Thread Next][Interchange by date ][Interchange by thread ]

[ic] AlwaysSecure is not working

Andrew McBeath wrote:
> 
> >
> >
> >>>
> >> Check out the ExtraSecure config directive...it allows only secure
> >> access to pages marked by AlwaysSecure...
> >
> >
> > Sure????
> >
> > I'm logged in as an user, who is allowed to access the checkout page.
> > After adding ExtraSecure into catalog.cfg, I get the violation page. Is
> > that the right result?
> >
> > Thanks!
> >
> > Joachim
> >
> [doco]
> http://interchange.redhat.com/cgi-bin/ic/docfly.html?mv_arg=icconfig05.26
> 
> ExtraSecure
> Disallows access to pages which are marked with AlwaysSecure unless the
> browser is in HTTPS mode.
> A Yes/No directive, the default is 'No.'
>   ExtraSecure  Yes
> *** icconfig, ExtraSecure
> [/doco]

Did you test it?
1. Without ExtraSecure:
the normal user/customer with account can access the checkout page with
SSL
2. a manual call of the checkout page is insecure
3. With ExtraSecure:
the normal user/customer get the violation page
4. a manual call of the checkout page has the same result as 3.

Joachim

BTW:
Beat me, if I'm wrong!

-- 
Hans-Joachim Leidinger | Dipl.-Phys.Ing. Entwicklung eCommerce
[leidinger@bpanet.de] 
Black Point Arts Internet Solutions GmbH
http://www.bpanet.de
Search for: Sort by: