Hi -
I need to use SSL in certain areas of my app. I have read about
ssl_required via the ‘book’ and online:
It looks like what I need and want. However, I read that it may have
issues with Nginx and that it may have loopholes in regards to
securing requests from client to server.
http://blog.aisleten.com/2008/06/02/beware-of-ssl_requirement/
I’m not certain of the validity of this or whether its been addressed.
So I’m curious - what’s everyone using for SSL?
Any help/tips greatly appreciated.
Thanks!
Hi,
I use ssl_requirement. I read the blog post about the holes, and really
there is absolutely nothing to worry about, simply make sure the page
where the form is displayed has https in the URL and you’re 100% safe.
Anyway IE would issue a warning if the form that is about to submit data
is not on a totally secured page (images, etc.). And now on Firefox 3.5
an https url also has a blue bar (or green bar for Extended Validation)
so the user has a better visual information that the page he is on is
secured.
There are no security problems at all with ssl_requirement.
On my production server I proxy ssl through apache. On Bluehost I
believe I will be doing the same thing.
On Jul 25, 3:11 pm, Fernando P. [email protected]