Hi List, I might be a bit late on this thread, never mind.
To keep people out who are not using a secure connection, you should specify 'requires secure connection' on the web server. With IIS, this can be done at the file or directory level. Properties --> [File/Directory] Security --> Secure Connection. To deal with paths, I would suggest two application variables: appRootUrl and secureAppRootUrl, stored in a .ini file. This has the advantage that you can test/develop the app on an uncertified box simply by making the secureAppRootUrl a straight "http://myDevServer...";, then change it to "https://myRegisteredDomain..."; on the certified production box. The port sniffing trick suggested by Scott can be handy as well. Beware that for secure pages, you need to serve images and stylesheets over a secure connection, otherwise your users will see the annoying "This page contains insecure items" warning. Good luck. Secure Simon. -- _______________________________________________ Get your free email from http://www.graffiti.net Powered by Outblaze ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body
