Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Pages: 1
SSL for either admin or public site?
r1765 introduces https as a sitewide protocol option. Wouldn’t it be reasonable to split this option into two, one for the public site and one for admin access ?
Offline
#2 2006-08-30 08:01:35
- zem
- Developer Emeritus
- From: Melbourne, Australia
- Registered: 2004-04-08
- Posts: 2,579
Re: SSL for either admin or public site?
Alternatively, what about something like this:
define('PROTOCOL', (strtolower(serverSet('HTTPS')) == 'on' ? 'https://' : 'http://'));Alex
Offline
Re: SSL for either admin or public site?
Caveat: There are bridges (front side article edit links, e.g. rss_article_edit, and the “View site” link on the admin side). Automatic determination of protocol prefix would eventually carry preferences from one side onto the other, which might no be desirable.
Offline
Re: SSL for either admin or public site?
Split protocol for admin/public side is a nice feature.
But our first step is being able to use ssl at all without having to touch code in lots of places.
The auto-selecting of zem has the advantage that the user can choose at anytime – I am guessing that most people have their admin-side bookmarked, so to a degree (with your mentioned caveats) you could already use split protocols for public/admin-side (or you can force it with a rewrite-rules in the webserver).
Offline
#5 2006-08-31 01:56:26
- zem
- Developer Emeritus
- From: Melbourne, Australia
- Registered: 2004-04-08
- Posts: 2,579
Re: SSL for either admin or public site?
That seems like a reasonable solution to me, at least to begin with: auto-selection on both the admin and user sides; rewrite/redirect rules or special bookmarks to force one way or the other.
Ultimately we might need some combination of global settings, and overriding for specific pages and/or tags (perhaps <txp:permlink https=1 /> or something like that). Let’s start with something simple and see where it takes us.
Alex
Offline
Re: SSL for either admin or public site?
Now that I finally got around to testing it, I’ve checked in zem’s suggestion above. Textpattern will automatically detect and accomodate for whether the connection is SSL-secured or not. If there is a desire that some parts shouldy only/not be reachable via SSL, this should currently be configured on the server.
Usually people that have SSL-certificates are also in a position to configure the webserver to redirect/deny-access to certain domains/directories depending on whether SSL is used or not. Hence I don’t think duplicating that in Textpattern should be a high priority (plus it could be solved by plugins with output-buffering and rewriting links)
Offline
Pages: 1