• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: secure binding
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: secure binding


  • Subject: Re: secure binding
  • From: David Griffith <email@hidden>
  • Date: Tue, 4 May 2010 12:14:09 +0200

Hi Cheong,

Yes that's what it does.  Regarding which is the better practice, I don't think it makes a huge difference but it might depend a bit on what you are doing.  For example, I am using one app but parts of that app (like where the client logs in and gives account details etc.) uses SSL security.  So when the client clicks any link to go to that page, it has the binding secure=true and when they click it the URL that they are directed to is automatically changed to https://.  If they click a link to go back to the home page etc. it usually has secure=false and returns to standard http://.

Regards,
David.

On May 4, 2010, at 11:48 AM, Cheong Hee wrote:

Is the component binding secure=true supposed to switch the url from http -> https, and then by clicking on the component with binding secure=false it will switch it back from https -> http?
If so, what will be the better practice : one secure app and one non-secure app, or one app to switch secure/non-secure?
Sorry for interruption and don't mean to hijack..

Cheers

Cheong Hee

----- Original Message ----- From: "David Griffith" <email@hidden>
To: "WebObjects-Dev Mailing List List" <email@hidden>
Sent: Tuesday, May 04, 2010 5:12 PM
Subject: Re: secure binding


Hi Chuck,

Yes, am using 5.4.3 and Wonder.  It does look like an Apache issue, I was wondering if it could be that.  I'll ask the server guys to have a look and see if they can change it.

Thanks all for your comments,

Regards,
David.

On May 4, 2010, at 3:20 AM, Chuck Hill wrote:


On May 3, 2010, at 2:26 PM, David Griffith wrote:

> Hi all,
>
> When you click certain buttons on my website, I want a secure URL returned.  I have set the secure=true binding and the page does get returned using the https:// url instead of http:// but I have a question. It's not so much of a problem as an inconsistency.

I recall that being a bug in earlier 5.4 versions, is it not fixed in 5.4.3? Are you using Wonder?  I think that was fixed somewhere.


> If you go to the website http://www.mydomain.com and click around the non-secure area, it will show the URL always as http://www.mydomain.com. As soon as it goes to a secure URL, it displays as https://mydomain.com (without the www in front).
>
> Does anyone know where this is generated from?

I'd guess from the virtual host in Apache.  Possibly with an incorrect DNS record somewhere.


> It is clearly setting the value from somewhere.  Perhaps it has something to do with my adaptor URL?  In the JavaMonitor page is says to specify the full URL to the adaptor but I have always just used /app/WebObjects as I use the same adaptor for various apps running on different domains.  Would it be related to that?

I'd doubt it.


> I would just like it to come back with https://www.mydomain.com instead as once it changes to the URL with the www, it stays that way.
>
> Any insight would be appreciated :)


Check the Apache config, then check the headers coming into your application.


Chuck


--
Chuck Hill             Senior Consultant / VP Development

Practical WebObjects - for developers who want to increase their overall knowledge of WebObjects or who are trying to solve specific problems.
http://www.global-village.net/products/practical_webobjects








_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

  • Follow-Ups:
    • Re: secure binding
      • From: Cheong Hee Ng <email@hidden>
References: 
 >secure binding (From: David Griffith <email@hidden>)
 >Re: secure binding (From: Chuck Hill <email@hidden>)
 >Re: secure binding (From: David Griffith <email@hidden>)
 >Re: secure binding (From: "Cheong Hee" <email@hidden>)

  • Prev by Date: Re: secure binding
  • Next by Date: Entity Modeler: _deletedEntityNamesInObjectStore in index.eomodeld
  • Previous by thread: Re: secure binding
  • Next by thread: Re: secure binding
  • Index(es):
    • Date
    • Thread