Martin Baehr <[EMAIL PROTECTED]> writes:

> is this a good time to open a wishlist discussion?
> 
> there are a few things i have been wondering about or would like to see:
> 
> remove
>  ssl-allow-port = (integer)
> https should be allowed on any port, just like http.
> many servers i work with use alternative ports for webserver configuration,
> it is a pain having to add each port into the config manually.

This is really a security feature for system administrators.  Allowing
HTTPS tunneling to any port will mean that people can bypass WWWOFFLE
if it is used as a firewall to stop people getting out.  All that
WWWOFFLE does for HTTPS is open a socket connection and pass data in
both directions.  There is no checking on the contents or the URL
because they are encrypted.

I agree though that for single user systems where WWWOFFLE is not
being used to provide security like this there should not be a limit.
And WWWOFFLE is not likely to be used for this purpose since it is not
what it is designed for.

I suppose that the easiest change is to remove the restriction unless
any ssl-allow-port entries are specified.

-- 
Andrew.
----------------------------------------------------------------------
Andrew M. Bishop                             [EMAIL PROTECTED]
                                      http://www.gedanken.demon.co.uk/

WWWOFFLE users page:
        http://www.gedanken.demon.co.uk/wwwoffle/version-2.7/user.html
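
The port check discussed in the message above, as an added example: this is not WWWOFFLE's code and not part of the original post. The function names and the `empty_policy` switch are hypothetical, and `EMPTY_DENIES_ALL` assumes the existing behaviour is to refuse any port that is not listed; `EMPTY_ALLOWS_ALL` models the proposed change.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical switch for this example; not a WWWOFFLE option. */
enum empty_policy { EMPTY_DENIES_ALL, EMPTY_ALLOWS_ALL };

/* Port of a CONNECT target ("host:port" or "[v6]:port"), or -1 if malformed. */
static int connect_target_port(const char *target)
{
    const char *colon = strrchr(target, ':');
    char *end;
    long port;
    if (colon == NULL || colon == target ||
        (target[0] == '[' ? colon[-1] != ']' : strchr(target, ':') != colon))
        return -1;                 /* IPv6 literals must be bracketed */
    if (colon[1] < '0' || colon[1] > '9')
        return -1;                 /* strtol would accept a sign or spaces */
    errno = 0;
    port = strtol(colon + 1, &end, 10);
    if (errno != 0 || *end != '\0' || port < 1 || port > 65535)
        return -1;
    return (int)port;
}

/* 1 if the proxy should open the tunnel, 0 if it should refuse. */
static int tunnel_allowed(const char *target, const int *allowed, size_t n,
                          enum empty_policy policy)
{
    int port = connect_target_port(target);
    size_t i;
    if (port < 0)
        return 0;                  /* unparseable target: always refuse */
    if (n == 0)
        return policy == EMPTY_ALLOWS_ALL;
    for (i = 0; i < n; i++)
        if (allowed[i] == port)
            return 1;
    return 0;
}

int main(void)
{
    const int ports[] = { 443, 8443 };   /* constructed sample list */
    printf("%d %d\n", tunnel_allowed("example.org:22", ports, 2, EMPTY_ALLOWS_ALL),
           tunnel_allowed("example.org:22", NULL, 0, EMPTY_ALLOWS_ALL));
    return 0;
}
```

With `EMPTY_ALLOWS_ALL`, a configuration that lists no ports tunnels to any port, so a site relying on the proxy to restrict outbound connections has to list at least one port to keep the restriction.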
