martink
Date: 11/13/2006 7:05 am · Subject: encrypt login · Rating: 0
Hi,
It seems that the Encrypt Login option in the User tab of the Settings
doesn't just do what it's meant to. Enabling it indeed posts the login
form over ssl, but the user is not thrown back into http mode when
browsing for subsequent pages. You can verify on the plainblack.com site.
According to the docs this should not happen, so my guess is it is a bug.
Or are the docs incorrect?
Martin
JT
Date: 11/13/2006 9:35 am · Subject: Re: encrypt login · Rating: 3
Encrypt login is just supposed to force SSL on the login. However, it does nothing after
the login, therefore the user should remain in SSL after the login. Its only concern is
that the login is encrypted, not what happens after that.
On Mon, 13 Nov 2006 07:05:32 -0600
<martin@procolix.com> wrote:
> martink wrote:
>
> Hi,
>
> It seems that the Encrypt Login option in the User tab of the Settings
> doesn't just do what it's meant to. Enabling it indeed posts the login
> form over ssl, but the user is not thrown back into http mode when
> browsing for subsequent pages. You can verify on the plainblack.com site.
>
> According to the docs this should not happen, so my guess is it is a bug.
> Or are the docs incorrect?
>
> Martin
JT ~ Plain Black
ph: 703-286-2525 ext. 810
fax: 312-264-5382
http://www.plainblack.com
I reject your reality, and substitute my own. ~ Adam Savage
martink
Date: 11/13/2006 10:50 am · Subject: Re: encrypt login · Rating: 1
Well, that means that the docs are wrong. This is what they say:
*Encrypt Login?*
Should the system use the HTTPS protocol for the login form? Note
that setting this option to true will only encrypt the
authentication itself, not anything else before or after the
authentication.
This implies that, after logging in, the user is redirected to http,
which seems much more logical to me, since with the way it works now, it
is impossible to do https only on login, which is something people are
asking for (well, at least in the Netherlands =)).
Martin
jt@plainblack.com wrote:
> JT wrote:
>
> Encrypt login is just supposed to force SSL on the login. However, it does nothing after
> the login, therefore the user should remain in SSL after the login. Its only concern is
> that the login is encrypted, not what happens after that.
maxscience
Date: 11/13/2006 1:43 pm · Subject: Re: encrypt login · Rating: -1
What about adding an option to solve the issue?
A checkbox near the "encrypt login" that says: "Keep the users on SSL after the login?"
If this is checked, then you have the present behaviour; if it's not, then it redirects to http after the secure login has been done.
Mac and Mac OS X Server power user
JT
Date: 11/13/2006 3:16 pm · Subject: Re: encrypt login · Rating: 1
You have my permission to fix it either way you see fit. If you don't have time to fix
it, then log a bug, and I'll fix it whichever way is easier for me. =)
On Mon, 13 Nov 2006 10:50:33 -0600
<martin@procolix.com> wrote:
> martink wrote:
>
> Well, that means that the docs are wrong. This is what they say:
>
> *Encrypt Login?*
> Should the system use the HTTPS protocol for the login form? Note
> that setting this option to true will only encrypt the
> authentication itself, not anything else before or after the
> authentication.
>
>
> This implies that, after logging in, the user is redirected to http,
> which seems much more logical to me, since with the way it works now, it
> is impossible to do https only on login, which is something people are
> asking for (well, at least in the Netherlands =)).
>
> Martin
colink
Date: 11/13/2006 4:29 pm · Subject: Re: encrypt login · Rating: -1
In the meantime, I'll patch the docs.
martink
Date: 11/13/2006 4:50 pm · Subject: Re: encrypt login · Rating: -2
Nah, I'll patch the code instead =) By Friday prolly.
Martin
ckuskie@sterlink.net wrote:
> colink wrote:
>
> In the meantime, I'll patch the docs.
maxscience
Date: 11/14/2006 2:35 am · Subject: Re: encrypt login · Rating: -4
There can be some cases where you need to keep your users on SSL after they secure login... What about adding the option I mentioned above as part of the "fix"?
I don't personally need it, but I think it would be useful.
woefdram
Date: 11/14/2006 8:17 am · Subject: Re: encrypt login · Rating: 3
The http->https->login->http route would certainly solve some things. The "keep ssl after login" sounds nice, gives WebGUI a touch of Sourceforge ;)
JT
Date: 11/14/2006 8:35 am · Subject: Re: encrypt login · Rating: -3
> The http->https->login->http route would certainly solve some things. The "keep ssl
> after login" sounds nice, gives WebGUI a touch of Sourceforge ;)
That may in fact be nice. Therefore I suggest that you publish an RFE with that request.
This thread started out talking about a bug in the system or in the documentation.
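An added example, not part of any post in this thread and not WebGUI code: a small audit that compares the two behaviours discussed above (the http->https->login->http route versus keeping the user on SSL after login) by checking whether a session cookie issued during the HTTPS login is later sent over plain HTTP. The cookie name `sessionId`, its value and both request traces are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed traces, one tuple per request:
# (scheme, path, Set-Cookie response header, Cookie request header)
DOWNGRADE = [  # http -> https -> login -> http
    ("http", "/home", None, None),
    ("https", "/login", "sessionId=abc123; Path=/", None),
    ("http", "/home", None, "sessionId=abc123"),
]
STAY_ON_SSL = [  # user remains on https after the login
    ("http", "/home", None, None),
    ("https", "/login", "sessionId=abc123; Path=/; Secure; HttpOnly", None),
    ("https", "/home", None, "sessionId=abc123"),
]

def parse(header):
    """Parse a Cookie or Set-Cookie header into {name: Morsel}."""
    jar = SimpleCookie()
    jar.load(header or "")
    return dict(jar)

def audit(trace):
    """Report cookies set over HTTPS that lack Secure, and those later sent over HTTP."""
    issued = {}            # cookie name -> value issued over HTTPS
    no_secure, exposed = set(), set()
    for scheme, _path, set_cookie, cookie in trace:
        # Request side: a cookie issued over HTTPS now travelling in clear text
        for name, morsel in parse(cookie).items():
            if scheme == "http" and issued.get(name) == morsel.value:
                exposed.add(name)
        # Response side: remember cookies issued over HTTPS and check the Secure flag
        if scheme == "https":
            for name, morsel in parse(set_cookie).items():
                issued[name] = morsel.value
                if not morsel["secure"]:
                    no_secure.add(name)
    return {"missing_secure": sorted(no_secure), "sent_in_clear": sorted(exposed)}

if __name__ == "__main__":
    for label, trace in (("downgrade", DOWNGRADE), ("stay on SSL", STAY_ON_SSL)):
        print(label, audit(trace))
```

A browser does not send a cookie marked `Secure` over plain HTTP, so a login that hands the user back to HTTP only keeps them logged in if the session cookie is issued without that flag.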