Hi All,

Because I had a need to scratch, I've written a module that checks that designated run modes are invoked under SSL. I figure I should modify it to meet the requirements for CGI::Application::Plugin::RequireSSL, as requested at http://cgiapp.erlbaum.net/index.cgi?PluginsWanted, but I have a few questions about these requirements:

   * If the param 'require_ssl' is present in the instance script,
     everything accessed through it will be protected.
   * If the subroutine attribute 'RequireSSL' is used, an individual
     runmode will be protected.
   * If the param 'rewrite_to_ssl' is present, any run modes that are
     labeled as 'RequireSSL' (or all run modes if the param
     'require_ssl' is present) that are accessed as non-SSL will be
     redirected to the same run mode but as HTTPS.

I'm not sure I understand what is meant by "protected." Does this mean an error is raised if standard HTTP is used when HTTPS is required?

In the cases where a request is "rewritten," what do we keep in the redirect? I assume all query parameters if the method is "GET," but an error is raised if "POST" is used.

In my case, I'd like to be able to turn the SSL checks on or off based on a flag in my app's config file. This is because the team members all have personal name-based virtual hosts, and SSL isn't supported in their environments, although it is in the test, staging and prod envs, where we could turn the checks on. Is such a flag something others would find useful?

My module, as it stands, works under FastCGI, but I've heard rumours that Attributes sometimes have trouble in a mod_perl environment. It'd be great if someone could test it under mp for me.

Regards

Dan
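
The decision logic the three requirements describe, as an added example that is not code from the original message or from any CGI::Application plugin. It assumes the handling the message proposes (redirect a GET with its query string, raise an error on POST) plus a config flag to switch enforcement off; `ssl_decision`, `enforce`, `protected` and `canonical_host` are hypothetical names, and the sample requests are constructed.

```perl
use strict;
use warnings;
use 5.010;

# Hypothetical helper (not a plugin API): decide what to do with one request.
# Returns ('allow'), ('redirect', $https_url) or ('error', $reason).
sub ssl_decision {
    my (%arg) = @_;
    my $needs_ssl = $arg{params}{require_ssl} || $arg{protected}{ $arg{runmode} };
    return ('allow') unless $needs_ssl;
    return ('allow') unless $arg{enforce};    # config flag: off on dev vhosts without SSL
    # Assumption: the web server sets HTTPS=on in the CGI environment for TLS requests.
    return ('allow') if lc($arg{env}{HTTPS} // '') eq 'on';
    return ('error', 'HTTPS required') unless $arg{params}{rewrite_to_ssl};
    # A redirect would drop the POST body, and that body has already crossed
    # the network in clear text, so refuse instead of rewriting.
    return ('error', 'POST over plain HTTP refused')
        if uc($arg{env}{REQUEST_METHOD} // 'GET') ne 'GET';
    # Build the target from configuration, not from the client-supplied Host header.
    my $url = 'https://' . $arg{canonical_host} . $arg{env}{SCRIPT_NAME};
    $url .= '?' . $arg{env}{QUERY_STRING} if length($arg{env}{QUERY_STRING} // '');
    return ('redirect', $url);
}

# Constructed sample configuration and requests.
my %common = (
    params         => { rewrite_to_ssl => 1 },
    protected      => { login => 1 },          # run modes marked RequireSSL
    canonical_host => 'app.example.com',
    enforce        => 1,
);
my @requests = (
    [ view  => { REQUEST_METHOD => 'GET',  SCRIPT_NAME => '/index.cgi', QUERY_STRING => 'rm=view' } ],
    [ login => { REQUEST_METHOD => 'GET',  SCRIPT_NAME => '/index.cgi', QUERY_STRING => 'rm=login' } ],
    [ login => { REQUEST_METHOD => 'POST', SCRIPT_NAME => '/index.cgi' } ],
    [ login => { REQUEST_METHOD => 'POST', SCRIPT_NAME => '/index.cgi', HTTPS => 'on' } ],
);
for my $r (@requests) {
    my ($rm, $env) = @$r;
    my @decision = ssl_decision(%common, runmode => $rm, env => $env);
    printf "%-5s %-4s https=%-3s -> %s\n",
        $rm, $env->{REQUEST_METHOD}, $env->{HTTPS} // 'off', join(' ', @decision);
}
```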
