Markus Angst schrieb:
> Hi,
>
>> our SSL handling is a bit undetermined ATM (please correct me
>> if I'm wrong). We support to set and detect if a page should use
>> an SSL connection, and select the proxy based on this setting.
>>
>> Some questions:
>>
>> - If a page is requested using SSL, should all links from this
>> page to other internal pages also use an https:// URL? IMO yes.
>
> I note that you write "requested using" and not "configured for" SSL.
Yes - I once had a discussion with a customer, and he stated that
it doesn't make sense to configure SSL per page. Once a user
requests a page using SSL, she expects that the subsequent pages
are served using SSL as well. Not sure if this is principle is
universally valid, though.
> What do you mean by "internal"? Internal to Lenya, the publication or to
> a usecase?
I meant internal to Lenya, but this is subject to discussion.
> This means that a user can switch to https whenever he/she wants.
Yes, at least this is what my customer required.
> After
> a few clicks ("from https to https"), you might end up with an URL that
> cannot be served.
Why would that be the case?
> Not sure about this, but I guess that most of the times internal links
> are absolute only when Lenya proxying is in effect??
AFAIK most links are resolved to absolute URLs ATM.
>> - Should we support to configure SSL for usecases?
>
> At least for the login usecase (and probably some more; e.g. custom made
> ones) this would make sense.
OK.
Thanks for your comments!
-- Andreas
--
Andreas Hartmann, CTO
BeCompany GmbH
http://www.becompany.ch
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
