roller-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Allen Gilliland <allen.gillil...@sun.com>
Subject Re: using SSL in pages where user password is required
Date Thu, 03 May 2007 18:22:32 GMT
Ahh, perhaps it has been too long since i looked at that part of the 
config.  Have you enabled the scheme enforcement in your config?

you should have this in your roller-custom.properties to properly ensure 
that all the right urls are protected ...

schemeenforcement.enabled=true

this is the urls that will be protected ...

# URL patterns that require HTTPS
schemeenforcement.https.urls=/j_security_check,/roller-ui/login-redirect.jsp,\
/roller-ui/login.do,/roller-ui/user.do,/roller-ui/yourProfile.do,\
/roller-ui/admin/user.do,/roller-ui/authoring/userdata

-- Allen


sedat ciftci wrote:
>   I'm using Roller 3.1 but only user login page uses
> SSL  as it is shown below:
> 
> https://localhost:8443/roller/roller-ui/login.do
> http://localhost:8080/roller/roller-ui/user.do?method=registerUser
> http://localhost:8080/roller/roller-ui/yourProfile.do?method=edit
> http://localhost:8080/roller/roller-ui/admin/user.do
> 
> 
>   Sedat
> 
> --- Allen Gilliland <allen.gilliland@sun.com> wrote:
> 
>> what version of Roller are you using?  in all the
>> recent versions of 
>> Roller enabling secure logins does secure all pages
>> which are privacy 
>> sensitive, which includes the registration and
>> profile pages.
>>
>> -- Allen
>>
>>
>> sedat ciftci wrote:
>>> Hello,
>>>   I know that we can use SSL in roller login page.
>> For
>>> security reasons, it is better to use SSL in user
>>> registration and user profile update pages also
>> (the
>>> pages where user password is required). How can I
>> use
>>> SSL in those pages (as it is done in login page)?
>>>  Thanks
>>>   Sedat
>>>
>>> __________________________________________________
>>> Do You Yahoo!?
>>> Tired of spam?  Yahoo! Mail has the best spam
>> protection around 
>>> http://mail.yahoo.com 
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 

Mime
View raw message