HTTPS login - Posted (3474 Views)
Average Member
SiSL
Posts: 671
Has anyone tried such a feature with Snitz?
I feel it is an obligation for me now, considering the number of methods to sniff networks and/or especially Wi-Fi or outdoor Wi-Fi access, if you have a certificate for it.
At least for plain-text submissions like the login screen. If anyone has tried, please do let me know.
Posted
New Member
Dave Goldman
Posts: 65
All complete. I was able to change the inc_header file to add the redirects and now everything works perfectly!!! Thanks guys!!
Posted
Support Moderator
Podge
Posts: 3776
Do you have a test login?
I think you could make it easier on your users. For example, this page does not need to be viewed over a secure connection, the page the username and password are submitted to should be secure i.e. the next page.
What you have done will work fine but it just adds another step to the login process.
Posted
New Member
Dave Goldman
Posts: 65
I can do that. Do you know what the other page is that needs to be secured? The whole idea is that I want to stop the password from being sniffed on the network. If you can enter the password in the input box, as soon as you hit the logon button it's on the wire. The only way to secure that is to have that page SSL enabled.
Posted
Support Moderator
Podge
Posts: 3776
Not correct I'm afraid. This page has no sensitive information on it at all. When a user enters the username & password on that page they enter it into their browser. The username/password is only transmitted on a network when the user clicks "submit" or "login" and it is at this point that the username/password combination is transported to the destination in the <form action="whatever"> tag. As long as the destination is secured i.e. beginning with https:// then the browser will encrypt the username/password before transmission using the public key in your ssl cert and send it to the server which will decrypt the message using a private key.
Posted
New Member
Dave Goldman
Posts: 65
Ok, cool. So let me ask you this. If I unsecure the login.asp page the users can enter their data, which is what we want. What is the destination page that I have to secure so I can stop the transmit on the network, then redirect back to http? What I am trying to avoid is having the entire site ssl and then people putting images up there and getting the security popups, as well as trying to maintain security for logins.
Great reply btw!! and thanks!
Posted
Support Moderator
Podge
Posts: 3776
Every page of the forum must be accessible via http:// or https:// and you just need the small code change above for it to work. If you want to prevent the security popups for mixed content you just need to include a check in topic.asp that redirects to an unsecure connection if it detects a secure one. Something like this (completely untested);
Code:
' IIS sets the HTTPS server variable to "on" for SSL requests; HTTP_HOST holds only the host name, never the scheme
If LCase(Request.ServerVariables("HTTPS")) = "on" Then Response.Redirect "http://" & Request.ServerVariables("HTTP_HOST") & Request.ServerVariables("URL") & "?" & Request.ServerVariables("QUERY_STRING")

What you are doing now will work but it just adds an extra click for the user to login i.e. they cannot enter their username & password on any page, they must go to login.asp and there is no redirect back to an unsecure connection.
Posted
New Member
Dave Goldman
Posts: 65
You Rock!! I will test this out and let you know how it works. Thank you so much!!
Posted
Support Moderator
Podge
Posts: 3776
I'm not just a pretty face you know. Neither is Shaggy; he's right about the other login & profile pages but we should get this working first.