plainblack.com
Username Password
search
Bookmark and Share
Force SSL on login and forms  (#69)
Issue
I like the new ability in WG v6 to force SSL on a per-page basis, but I'm not sure how to 1) do this on system pages like the login screen, and 2) how to do this dynamically for all pages that include forms. The ability to force SSL on the login screen and profile screens (change password) I view as important, while forcing SSL dynamically for all pages that include form tags is just a brainstorm and may not be as desirable. Also, how about a third setting that forces SSL while editing either 1) anything or 2) any page not viewable by
Comments
arjan
5
5/15/2009 7:33 am
Yes, cool RFE!
JT
0
5/15/2009 7:57 am
These have been features of WebGUI for years. There's a switch in the settings to force SSL on logins. There's the setting to force it on any asset. And if you want to force it on the whole site, then you just do it using Apache.
arjan
3
5/24/2009 4:23 pm
Ok, perhaps I'm not getting the whole picture. I have a site in 7.6.22. I have a ssl enabled in the WebGUI config, I have ssl enabled in modproxy and I've set Settings->User->Encrypt Login to 'yes'.
Am I right in thinking that all that happens is that a login form gets "https" on the action?
preaction
0
5/24/2009 4:45 pm
Yes, that is what happens. Then the user is punted back into non-SSL mode.
arjan
0
5/24/2009 5:17 pm
I would image that at least the form in Settings->Users should also be sent via ssl.
Now I've written a Rewrite rule to force it for the whole site, as JT suggested, but it would be elegant to enforce it for all forms with a password.
arjan
0
5/24/2009 5:17 pm
I would image that at least the form in Settings->Users should also be sent via ssl.
Now I've written a Rewrite rule to force it for the whole site, as JT suggested, but it would be elegant to enforce it for all forms with a password.
arjan
0
5/24/2009 6:29 pm
Oh, and the email to reset the password, that might also contain a https link.
JT
0
6/5/2009 9:54 am
So would it be fair to say that your RFE has been changed to:

Update the User Manager to force SSL when the SSL enabled option is turned on in the config file?


            
Details
Ticket Status Feedback Requested  
Rating4.0 
Submitted By Visitor  
Date Submitted2006-05-26 
Assigned To unassigned  
Date Assigned 2017-11-19  
Assigned By  
What to improve? Change
URLrfe/request-for-enhancement/force-ssl-on-login-and-forms
Karma
Difficulty 15  
Karma So Far20
Karma Rank1.33
Keywords
Related Files
Ticket History
6/5/2009
2:54 PM
Feedback Requested JT
5/24/2009
9:23 PM
Pending arjan
5/15/2009
12:57 PM
Resolved JT
5/15/2009
12:33 PM
10 karma transfered arjan
© 2017 Plain Black Corporation | All Rights Reserved