List: lenya-dev
Subject: Re: SSL encryption for usecases, inheriting to sub-pages
From: Jörn_Nettingsmeier <nettings () apache ! org>
Date: 2008-02-21 21:47:46
Message-ID: 47BDF182.6060102 () apache ! org
Andreas Hartmann wrote:
> Hi Lenya devs,
>
> virtually every proxy setup redirects the login usecase to https:
>
> # Redirect the login usecase to https
> RewriteCond %{QUERY_STRING} (.*)lenya\.usecase=ac\.login(.*)
> RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
>
> Maybe it would make sense to let Lenya do this?
>
> <usecase id="ac.login" ssl="true">
>   <role id="session" method="grant"/>
> </usecase>

nice idea in principle, but...

> Another question is if requiring SSL should (optionally?) be inherited
> to sub-pages. I wanted to configure the docu publication to require SSL
> for all authoring+archive+trash pages, but ATM this would mean to click
> the SSL checkbox manually for every single page. IMO it would be nice if
> we could enable SSL for complete areas.

hmm. it's quite trivial to force ssl for a whole area with a rewrite
rule. and since ssl and proxies are somewhat intertwined, why not leave
it at that rather than introduce new complication?

i would be ok with a usecase that does recursive ssl enabling by
actually checking the ssl flag of every subpage (sort of an auto-click
:), but we should not introduce inheritance and complicated lookup
mechanisms.

there's the potentially dangerous situation when a page that should have
ssl (and was in an ssl subtree) gets moved out of it and loses ssl
protection - too many subtle pitfalls imho.

regards,
jörn
--
Jörn Nettingsmeier
"One of my most productive days was throwing away 1000 lines of code."
- Ken Thompson.
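
The area-wide redirect mentioned in the reply above, shown next to the per-usecase rule from the quoted message. This is an added example, not part of the original message or of Lenya's own configuration. It assumes a plain-HTTP virtual host with mod_rewrite loaded and URLs of the form /<publication>/<area>/<path>; the `/docu/` prefix is an assumed mapping for the docu publication named in the quoted message.

```apache
# Added example; not from the original thread.
# Assumed: plain-HTTP virtual host, mod_rewrite loaded, URLs shaped like
# /<publication>/<area>/<path>. The "/docu/" prefix is an assumption;
# adjust it if the proxy maps the publication elsewhere.
RewriteEngine On

# Per-usecase redirect quoted in the thread: only requests carrying the
# login usecase in the query string are sent to https.
RewriteCond %{QUERY_STRING} (.*)lenya\.usecase=ac\.login(.*)
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

# Area-wide redirect: any request under authoring, archive or trash is
# sent to https, whatever page or usecase it addresses. The query string
# is carried over automatically because the substitution has none.
RewriteCond %{HTTPS} !=on
RewriteRule ^/docu/(authoring|archive|trash)(/.*)?$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
```

Because the match is on the URL, the redirect follows the area and not the individual page: a document whose path no longer starts with one of these areas is no longer redirected.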