Stories
Slash Boxes
Comments

Slash Open Source Project

This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login
Loading... please wait.
  • by jamiemccarthy (414) on Friday March 29 2002, @12:13PM (#4623) Homepage
    I don't think it made it into the 2.2.5 tarball, but the latest code in CVS supports Secure HTTP, and I'm running it that way on a site of my own. It's pretty cool actually.

    Options include:

    • You can control with vars whether non-admins are allowed to go Secure (if not, their requests are redirected to the non-secure site, to save your CPU power).
    • Admins can be optionally required to use Secure HTTP so their cookies don't travel in the clear.
    • If they are required to do so, then for any admins who forget and send their cookies in the clear you can optionally shut down their seclev privs until they go back to the secure side and change their password.

    I still have to look up the secure-cookie standard which should in theory prevent admins from making mistakes and sending their cookies in the clear. I want to get that change in there too before we release a 2.3.0 tarball.

    But meanwhile... what problems are you having? Just saying "I can't seem to get slash running" doesn't help diagnose the problem :)