• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Code for https?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Code for https?

  • Subject: Re: Code for https?
  • From: Chuck Hill <email@hidden>
  • Date: Mon, 08 Sep 2003 21:40:01 -0700
At 02:20 PM 09/09/2003 +1000, Dale Stanbrough wrote:

>>> I'd like a system similar to apple's developer login pages.
>>>
>> I've not logged in for a while, and I log into a LOT of sites...
>> Specifically what did you want?  :-)
>
>I'm trying to see how a site could be set up to process secure payments/
>ensure private details are not sent in the clear.
>
HTTPS is what you want for that.  I was really asking how you intended to
get into and out of https: a link, the result of a form submission, a
secure form on an insecure page, etc.  There are several minor permutations
of the basics.


>> The easiest way is to use the
>> secure binding on WOHyperlink (true for https://, false for http://,
>> unbound for a url starting with / (maintain the current mode).  Works
>> fine, except it is buggy getting *out* of https.  But that is another
>> story...
>
>Ok, i'll try doing that. I'm curious about the problems of getting out
>of https mode though. Can you elaborate?
>
It generates a URL like http://bigpond.net.au:443
That is, it puts http on the front (correctly) but then adds the HTTPS port
number on the end of the domain.  A bug in WO, plain and simple.  You can
fix it (not too easy) or just redirect to an http URL that you create.


>> Getting a WOForm on an insecure page to submit to a secure URL is again
>> more of a challenge if you are just starting out.
>
>Which I am...
>
Starting out or having a WOForm on an insecure page to submit to a secure URL?


>>> I'll go and have a look at Apache's documentation. Thanks,
>>>
>> It is usually pretty good, in my experience.
>>
>
>Already found out that you can only have one per IP address...
>(no virtual hosting of multiple SSL connections..<sigh>).
>
I thought there was some hack around that, but maybe not.  I've not fiddled
with that for a while and memory fades.  The entire URL is encrypted so it
has no way, other than the IP address and port number, of knowing where to
direct the requrest for decryption.  IIRC.  You can run the SSL connections
on non-standard ports, e.g. 444, 445, 446 etc.


Chuck


--

Chuck Hill                                 email@hidden
Global Village Consulting Inc.             http://www.global-village.net
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.
  • Follow-Ups:
    • Re: Code for https?
      • From: Dale Stanbrough <email@hidden>
References: 
 >Re: Code for https? (From: Chuck Hill <email@hidden>)
 >Re: Code for https? (From: Dale Stanbrough <email@hidden>)

  • Prev by Date: Re: Code for https?
  • Next by Date: Re: Code for https?
  • Previous by thread: Re: Code for https?
  • Next by thread: Re: Code for https?
  • Index(es):
    • Date
    • Thread