[ZendTo] Forcing all logins to HTTPS

ROGERS Richard Richard.Rogers at staffs.ac.uk
Fri Sep 9 11:40:45 BST 2011


Hi -

Progressing now with getting this ready for launch... Now I'm looking at ensuring that usernames/passwords are passed through an HTTPS (SSL) connection (and then flicking back to HTTP for the actual file transfer stage, where SSL seems an unnecessary overhead).

This hasn't been a problem for most pages (a simple Rewrite in the Apache config file has dealt with it), but I have hit a bit of an "edge case", where if you click on Drop-off on the "home" page, you are returned to HTTP (I'm treating claim codes as "non-sensitive"), but then clicking the Login button on the top menu brings up the login dialog embedded in the verify.php page, without returning to HTTPS. As there seems to be a javascript catching the link and displaying this, I'm not sure how to get round this. Any suggestions (is there a "right way" to achieve what I'm looking for?)

Thanks and regards

Richard

--
Richard Rogers
Principal IT Officer, Client Technology and Applications
Information Services, Staffordshire University
Tel. 01785-353785

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20110909/cc4abd9f/attachment.html 


More information about the ZendTo mailing list