[pmwiki-users] security (again!)

James M jamesm1415 at googlemail.com
Sat Mar 7 15:40:45 CST 2009


Thanks for the suggestion Guillermo.  I copied your lines of code into
config.php and it makes no difference when I go to login.
Is there anthing I'm missing?

Thanks,
James


On Fri, Mar 6, 2009 at 6:51 PM, Guillermo Calderon - INCO <
calderon at fing.edu.uy> wrote:

> James M escribió:
> > It seems that the login pages on pmwiki are `en clair' (unencrypted - eg
> > not https). Is there any way around this, apart from hosting the whole
> > site on https ?
> > The IT guru who guards our servers at university is unhappy about having
> > pmwiki installed where passwords are transmitted without being encrypted.
> >
>
> In a previous message I wrote this:
>
> ===============
> I have implemented a simple solution where only passwords are sent
>    via SSL and the other posts are sent via http.
>
> In config.php:
>
> SDVA($InputTags['auth_form'], array(
>     ':html' => "<form
>          action='https://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}'
>          method='post'
>          name='authform'>\$PostVars"));
>
> This way the action field of the auth-form sends  all the information
> via https.
> ============================
>
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.pmichaud.com/pipermail/pmwiki-users/attachments/20090307/9aca4647/attachment.html 


More information about the pmwiki-users mailing list