Secure login and unsecure app


Secure login and unsecure app

Sebastian Sastre-2
Hi there,
 
    How does one make an Apache or lighttpd configuration that makes a Seaside app make its login secure (https) and the rest of the app insecure (http)?
 
    I've imagined doing it by making two apps (one secured and the other insecure), the secured one only for login... but can the user session be passed from one application to another?
 
    cheers,
 

Sebastian Sastre

 

 

_______________________________________________
Seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

Re: Secure login and unsecure app

Philippe Marschall
2007/8/10, Sebastian Sastre <[hidden email]>:

>
>
> Hi there,
>
>     How does one make an Apache or lighttpd configuration that makes a Seaside
> app make its login secure (https) and the rest of the app insecure
> (http)?
>
>     I've imagined doing it by making two apps (one secured and the other
> insecure), the secured one only for login... but can the user session be
> passed from one application to another?

Not out of the box. You can experiment with switching the application
of a session or #call: to a new customized WARenderLoop. No guaranties
though that it works.

Cheers
Philippe


RE: Secure login and unsecure app

Sebastian Sastre-2
A perhaps simpler solution I can imagine is to put just the login component
in another path than the rest of the application and manage that path to go
to https with apache's RewriteRule. Something like:
       
        http://subdomain1.domain.com  (the main usual seaside app)
        https://subdomain1.domain.com/login (the login only)

What do you think? Is it possible to mount a component in a slightly different
URL?

        thanks,

Sebastian Sastre


> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On behalf of
> Philippe Marschall
> Sent: Saturday, 11 August 2007 07:18
> To: Seaside - general discussion
> Subject: Re: [Seaside] Secure login and unsecure app
>
> 2007/8/10, Sebastian Sastre <[hidden email]>:
> >
> > Hi there,
> >
> >     How does one make an Apache or lighttpd configuration that makes a
> > Seaside app make its login secure (https) and the rest of the app
> > insecure (http)?
> >
> >     I've imagined doing it by making two apps (one secured and the other
> > insecure), the secured one only for login... but can the user session be
> > passed from one application to another?
>
> Not out of the box. You can experiment with switching the
> application of a session or #call: to a new customized
> WARenderLoop. No guaranties though that it works.
>
> Cheers
> Philippe

Re: Secure login and unsecure app

Philippe Marschall
2007/8/11, Sebastian Sastre <[hidden email]>:
> A perhaps simpler solution I can imagine is to put just the login component
> in another path than the rest of the application and manage that path to go
> to https with apache's RewriteRule. Something like:
>
>         http://subdomain1.domain.com  (the main usual seaside app)
>         https://subdomain1.domain.com/login (the login only)
>
> What do you think? Is it possible to mount a component in a slightly different
> URL?

In theory yes, that's what Pier is doing. But that's tricky. You'd
have to use #updateUrl: #addToPath: and friends. Seriously it would be
much simpler (and safer) if you just put the whole application behind
https (you can make a redirect for those who come over http).

Cheers
Philippe

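An Apache sketch of the whole-application approach recommended in the last reply, added here as an example and not taken from the thread or from Seaside's documentation. With a login-only https split, the session identifier issued after login still travels in cleartext on every http page, so this version serves nothing over http except a redirect. The backend address `127.0.0.1:8080` and the certificate paths are assumptions; `mod_ssl`, `mod_proxy`, `mod_proxy_http`, `mod_headers` and `mod_alias` must be enabled.

```apache
# Added example. Hostname follows the thread; backend address and file
# paths are assumptions and must be adapted.

# Port 80 serves no application content: every request is redirected to https.
<VirtualHost *:80>
    ServerName subdomain1.domain.com
    Redirect permanent / https://subdomain1.domain.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName subdomain1.domain.com

    SSLEngine on
    # Placeholder certificate and key paths.
    SSLCertificateFile    /etc/ssl/certs/example.crt
    SSLCertificateKeyFile /etc/ssl/private/example.key

    # Seaside image assumed to listen on localhost only, so it is not
    # reachable over plain http from outside.
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
    RequestHeader set X-Forwarded-Proto "https"

    # Tell returning browsers to skip the http hop entirely.
    Header always set Strict-Transport-Security "max-age=31536000"

    # If the session is tracked by cookie, mark it Secure so the browser
    # never sends it over http.
    Header edit Set-Cookie ^(.*)$ "$1; Secure"
</VirtualHost>
```

After reloading Apache, `curl -I http://subdomain1.domain.com/` should return a 301 with a `Location:` header pointing at the https URL.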