Re: Code for https?
Re: Code for https?
- Subject: Re: Code for https?
- From: Dale Stanbrough <email@hidden>
- Date: Tue, 09 Sep 2003 14:54:14 +1000
On Tuesday, September 9, 2003, at 02:40 PM, Chuck Hill wrote:
I'm trying to see how a site could be set up to process secure
payments/
ensure private details are not sent in the clear.
HTTPS is what you want for that. I was really asking how you intended
to
get into and out of https: a link, the result of a form submission, a
secure form on an insecure page, etc. There are several minor
permutations
of the basics.
Form submission from an insecure page. I didn't know that you could
have a
secure form from an insecure page.
Ok, i'll try doing that. I'm curious about the problems of getting out
of https mode though. Can you elaborate?
It generates a URL like http://bigpond.net.au:443
That is, it puts http on the front (correctly) but then adds the HTTPS
port
number on the end of the domain. A bug in WO, plain and simple. You
can
fix it (not too easy) or just redirect to an http URL that you create.
How responsive are the WO team at Apple? Seems like this is something
that could be fixed fairly easily...
Getting a WOForm on an insecure page to submit to a secure URL is
again
more of a challenge if you are just starting out.
Which I am...
Starting out or having a WOForm on an insecure page to submit to a
secure URL?
I'm mostly happy with the normal (unsecured) programming model (but I
realise that
there is a -lot- of stuff in WO that I haven't covered yet), so
"starting out with WOForms
on an insecure page..." is the correct response.
Already found out that you can only have one per IP address...
(no virtual hosting of multiple SSL connections..<sigh>).
I thought there was some hack around that, but maybe not. I've not
fiddled
with that for a while and memory fades. The entire URL is encrypted
so it
has no way, other than the IP address and port number, of knowing
where to
direct the requrest for decryption. IIRC. You can run the SSL
connections
on non-standard ports, e.g. 444, 445, 446 etc.
Ah, correct you are...
.....................................
Other workaround solutions are:
Use separate IP addresses for different SSL hosts. Use different
port numbers for different SSL hosts.
.....................................
Dale
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.