Main Stories
Slash Boxes

Slash Open Source Project

Slashcode Log In

Log In

[ Create a new account ]

Article Poll

Poll I found this article to be
Very Helpful
Not Helpful
Not Very Helpful
[ Results | Polls ]
Comments:0 | Votes:0

Slash and SSL - Anyone doing this???

posted by Krow on 10:08 AM March 29th, 2002   Printer-friendly   Email story
I've installed MYSQL, Apache, mod_perl, and mod_ssl and of course slash. All latest versions. All work fine. Certificates work fine. Apache + SSL works fine. But I can't seem to get slash running under an SSL environment. Any FAQ on this? Anyone else doing this?? Thx,
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login
Loading... please wait.
  • I don't think it made it into the 2.2.5 tarball, but the latest code in CVS supports Secure HTTP, and I'm running it that way on a site of my own. It's pretty cool actually.

    Options include:

    • You can control with vars whether non-admins are allowed to go Secure (if not, their requests are redirected to the non-secure site, to save your CPU power).
    • Admins can be optionally required to use Secure HTTP so their cookies don't travel in the clear.
    • If they are required to do so, then for any admins who forget and send their cookies in the clear you can optionally shut down their seclev privs until they go back to the secure side and change their password.

    I still have to look up the secure-cookie standard which should in theory prevent admins from making mistakes and sending their cookies in the clear. I want to get that change in there too before we release a 2.3.0 tarball.

    But meanwhile... what problems are you having? Just saying "I can't seem to get slash running" doesn't help diagnose the problem :)