[pmwiki-users] question about Cookbook/SwitchToSSLMode

Guillermo Calderon - INCO calderon at fing.edu.uy
Mon Dec 22 09:45:52 CST 2008


Hi all;
I was reading the page Cookbook/SwitchToSSLMode.
There, a complex solution is described in order to "only actions where
passwords are likely to be passed are sent via SSL"

However, "The example assumes there are not read-protected pages, since
any 'read' passwords entered to view a page would be sent via a non-SSL
connection"

It sounds too restricted since (almost) every wiki has some
read-protected pages and groups.

I have implemented a very simple solution where only passwords are sent
   via SSL and the other posts are sent via http.
In config.php:

SDVA($InputTags['auth_form'], array(
    ':html' => "<form
         action='https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}'
         method='post'
         name='authform'>\$PostVars"));

This way the action field of the auth-form sends  all the information
via https.

My question:  does this solution really work?
(I think so, by I would like to be sure)

Guillermo




More information about the pmwiki-users mailing list