Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Re: Re: Switching to SSL under mod_perl

by jest (Pilgrim)
on Mar 09, 2004 at 16:48 UTC ( #335176=note: print w/replies, xml ) Need Help??


in reply to Re: Switching to SSL under mod_perl
in thread Switching to SSL under mod_perl

I'm not sure I follow. If someone heads to a login page, there's no form yet. On their way, they're redirected over a secure link. When they get to the login page, they're on HTTPS. They enter secret information, it goes over HTTPS, and if they're appropriately authenticated, they get sent to some other page over HTTP, and there's no secret information being sent any more.

It's the same for my other examples--a user tries to visit http://www.mysite.com/edit/secret_table?id=12, they get switched to a secure link before they get there, not after they're entered info.

Back to mod_perl for a sec--does this have to be handled in a PerlTransHandler, or can I just remap the URL in the regular handler I'm using?

  • Comment on Re: Re: Switching to SSL under mod_perl

Replies are listed 'Best First'.
Re: Re: Re: Switching to SSL under mod_perl
by iburrell (Chaplain) on Mar 09, 2004 at 20:25 UTC
    Whether you need mod_perl depends on how you determine if a page needs to be secure or not. If it is simple, like login.cgi and secret_table are always secure, then I would use mod_rewrite. If it is more complex, like secret_table is only protected for id=12, then you need to use mod_perl. I would consider trying to simplyify it so that the need to https is always.

    Also, you might want to consider doing everything with https. This doesn't work on a public login site but makes a lot of sense on an intranet. This has the advantage that you don't have to worry about errors in the access control since everything is encrypted.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://335176]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (5)
As of 2022-01-25 12:07 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    In 2022, my preferred method to securely store passwords is:












    Results (66 votes). Check out past polls.

    Notices?