Re: secure binding
Re: secure binding
- Subject: Re: secure binding
- From: Chuck Hill <email@hidden>
- Date: Wed, 5 May 2010 08:58:07 -0700
On May 5, 2010, at 1:32 AM, Cheong Hee wrote:
Just to ensure i don't pretend to understand well...
What are the headers of each page, you meant session headers or some
attributes defined for secured pages?
The HTTP headers. See context().request().headers()
You need to check the headers on each page that should be SSL
protected to ensure that access was from an https URL. If not,
redirect to the https version or show an error message.
Otherwise, yes, the user could access the secure parts in an
unencrypted manner.
Chuck
Cheers
Cheong Hee
--
Chuck Hill Senior Consultant / VP Development
Practical WebObjects - for developers who want to increase their
overall knowledge of WebObjects or who are trying to solve specific
problems.
http://www.global-village.net/products/practical_webobjects
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden