[Cabal] Moving toward a more manageable FAQ

Daniel Atallah daniel.atallah at gmail.com
Tue Dec 19 18:15:42 EST 2006


On 12/19/06, Ethan Blanton <elb at psg.com> wrote:
> (By the way, should we turn off http to that server, or redirect it to
> https?  I think we should, at least if users are logged in or logging
> in.)

I've patched the AccountManagerPlugin so that it will force https for
the Registration, Login and Account Settings editing.  I'm thinking
that this should be adequate, and we don't need the overhead (I
believe it is non-trivial, but I could be mistaken) of SSL for
everything.  Does that sound reasonable, or are there additional
things that need to be done over a secure connection?

-D


More information about the Cabal mailing list