
Re: [cobalt-security] Securing Admin Pages



From: "Matthew Nuzum" <cobalt@xxxxxxxxxxxxx>
>
>     Rule of thumb, don't use http; use a secure cert (even a self-signed
>     one) and https.
>
>     Jeff

> If you're using a self-signed cert, the person viewing the website gets
> security warnings.  One stating that some of the content is secure,
> other content isn't, then again stating that you have not chosen to
> trust blah blah blah.

Yeah, I saw this too. The one about the not trusted cert is unavoidable
(there is another thread about this).

The other one: "part of the content is not secure would you like to show the
insecure items" or something like that.

I had this when I:
1. With SSL DISabled, went to my admin page http://mysite/admin/
2. The url was rewritten I think, to http://blah/.cobalt/blah
3. I made an IE favourite for this page
4. I enabled SSL on the mainsite
5. I changed the url in my favourite to https://blah/.cobalt/blah

Now, when I went to http://mysite/admin/ there was no problem, but...
when I used the favourite, there was a problem because IE not only saves the
url, but also the urls of all the frames in the frameset, which were not
changed in the https version, hence the warning.

Solution: remove the favourite, make a new one after enabling SSL.

Jelmer