httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm MacCarthaigh <c...@stdlib.net>
Subject Re: Invitation to HTTPD commiters in tomcat-dev
Date Tue, 20 Jul 2004 16:09:52 GMT
On Tue, Jul 20, 2004 at 12:08:01PM -0400, Manni Wood wrote:
> Along with the ability for your back-end servlets to get a correct
> value from ServletRequest.isSecure() depending on whether or not
> Apache was originally contacted with HTTP vs HTTPS?

Personally, I always use Apache to authenticate such things directly
before allowing anything to execute. By allowing the script to
authenticate it, the thing is already running and I'm already prone to
whatever some scripter's idea of secure programming is - so there's
hardly a point.

It's much simpler to just not proxy if the originating request wasn't
SSL. But if it's really neccessary that it be conditional, use an X- header, 
or a query string :-)

-- 
Colm MacCárthaigh                        Public Key: colm+pgp@stdlib.net

Mime
View raw message