Ahh, perhaps it has been too long since i looked at that part of the
config. Have you enabled the scheme enforcement in your config?
you should have this in your roller-custom.properties to properly ensure
that all the right urls are protected ...
schemeenforcement.enabled=true
this is the urls that will be protected ...
# URL patterns that require HTTPS
schemeenforcement.https.urls=/j_security_check,/roller-ui/login-redirect.jsp,\
/roller-ui/login.do,/roller-ui/user.do,/roller-ui/yourProfile.do,\
/roller-ui/admin/user.do,/roller-ui/authoring/userdata
-- Allen
sedat ciftci wrote:
I'm using Roller 3.1 but only user login page uses
SSL as it is shown below:
https://localhost:8443/roller/roller-ui/login.do
http://localhost:8080/roller/roller-ui/user.do?method=registerUser
http://localhost:8080/roller/roller-ui/yourProfile.do?method=edit
http://localhost:8080/roller/roller-ui/admin/user.do
Sedat
--- Allen Gilliland <[EMAIL PROTECTED]> wrote:
what version of Roller are you using? in all the
recent versions of
Roller enabling secure logins does secure all pages
which are privacy
sensitive, which includes the registration and
profile pages.
-- Allen
sedat ciftci wrote:
Hello,
I know that we can use SSL in roller login page.
For
security reasons, it is better to use SSL in user
registration and user profile update pages also
(the
pages where user password is required). How can I
use
SSL in those pages (as it is done in login page)?
Thanks
Sedat
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam
protection around
http://mail.yahoo.com
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
