Re: secure binding
Re: secure binding
- Subject: Re: secure binding
- From: David Griffith <email@hidden>
- Date: Tue, 4 May 2010 12:14:09 +0200
Hi Cheong,
Yes that's what it does. Regarding which is the better practice, I don't think it makes a huge difference but it might depend a bit on what you are doing. For example, I am using one app but parts of that app (like where the client logs in and gives account details etc.) uses SSL security. So when the client clicks any link to go to that page, it has the binding secure=true and when they click it the URL that they are directed to is automatically changed to https://. If they click a link to go back to the home page etc. it usually has secure=false and returns to standard http://.
Regards,
David.
On May 4, 2010, at 11:48 AM, Cheong Hee wrote:
Is the component binding secure=true supposed to switch the url from http -> https, and then by clicking on the component with binding secure=false it will switch it back from https -> http?
If so, what will be the better practice : one secure app and one non-secure app, or one app to switch secure/non-secure?
Sorry for interruption and don't mean to hijack..
Cheers
Cheong Hee
----- Original Message ----- From: "David Griffith" <email@hidden>
To: "WebObjects-Dev Mailing List List" <email@hidden>
Sent: Tuesday, May 04, 2010 5:12 PM
Subject: Re: secure binding
Hi Chuck,
Yes, am using 5.4.3 and Wonder. It does look like an Apache issue, I was wondering if it could be that. I'll ask the server guys to have a look and see if they can change it.
Thanks all for your comments,
Regards,
David.
On May 4, 2010, at 3:20 AM, Chuck Hill wrote:
On May 3, 2010, at 2:26 PM, David Griffith wrote:
> Hi all,
>
> When you click certain buttons on my website, I want a secure URL returned. I have set the secure=true binding and the page does get returned using the https:// url instead of http:// but I have a question. It's not so much of a problem as an inconsistency.
I recall that being a bug in earlier 5.4 versions, is it not fixed in 5.4.3? Are you using Wonder? I think that was fixed somewhere.
> If you go to the website http://www.mydomain.com and click around the non-secure area, it will show the URL always as http://www.mydomain.com. As soon as it goes to a secure URL, it displays as https://mydomain.com (without the www in front).
>
> Does anyone know where this is generated from?
I'd guess from the virtual host in Apache. Possibly with an incorrect DNS record somewhere.
> It is clearly setting the value from somewhere. Perhaps it has something to do with my adaptor URL? In the JavaMonitor page is says to specify the full URL to the adaptor but I have always just used /app/WebObjects as I use the same adaptor for various apps running on different domains. Would it be related to that?
I'd doubt it.
> I would just like it to come back with https://www.mydomain.com instead as once it changes to the URL with the www, it stays that way.
>
> Any insight would be appreciated :)
Check the Apache config, then check the headers coming into your application.
Chuck
--
Chuck Hill Senior Consultant / VP Development
Practical WebObjects - for developers who want to increase their overall knowledge of WebObjects or who are trying to solve specific problems.
http://www.global-village.net/products/practical_webobjects
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden