httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Andersson" <rob...@profundis.nu>
Subject Re: [users@httpd] redirection, SSL, Internet Explorer
Date Mon, 22 Dec 2003 06:06:50 GMT
 [plain text, please...]

Shen.Yang@ny.frb.org wrote:
> Using Mozilla Firebird, everything works fine:
> 1. user types http://hostname:88/privateArea in the location field
> 2. Mozilla presents user the certificate.
> 3. user accepts the certificate.
> 4. Mozilla prompts user for userid and password.
> 5. user enters valid userid and password.
> 6. as intended, request lands on https://hostname:444/privateArea  (this
> URL replaces unsecured URL in the location field of Mozilla)

Perhaps, or perhaps not, related to your problem, but you should redirect to
the secure host before authenticating the user (prompt fot credentials).
Assuming you use Basic Authentication, over plain HTTP passwords travel in
plain text, which is one of the primary reasons to do it over HTTPS so they
get encrypted.

Regards.
Robert Andersson


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message