[ic] AlwaysSecure is not working

Joachim Leidinger interchange-users@interchange.redhat.com
Mon Feb 25 20:11:01 2002


Andrew McBeath wrote:
> 
> >> Check out the ExtraSecure config directive...it allows only secure
> >> access to pages marked by AlwaysSecure...
> >
> >
> > Sure????
> >
> > I'm logged in as a user who is allowed to access the checkout page.
> > After adding ExtraSecure into catalog.cfg, I get the violation page. Is
> > that the right result?
> >
> > Thanks!
> >
> > Joachim
> >
> [doco]
> http://interchange.redhat.com/cgi-bin/ic/docfly.html?mv_arg=icconfig05.26
> 
> ExtraSecure
> Disallows access to pages which are marked with AlwaysSecure unless the
> browser is in HTTPS mode.
> A Yes/No directive, the default is 'No.'
>   ExtraSecure  Yes
> *** icconfig, ExtraSecure
> [/doco]

Did you test it?
1. Without ExtraSecure:
the normal user/customer with account can access the checkout page with
SSL
2. a manual call of the checkout page is insecure
3. With ExtraSecure:
the normal user/customer gets the violation page
4. a manual call of the checkout page has the same result as 3.

Joachim

BTW:
Beat me if I'm wrong!

-- 
Hans-Joachim Leidinger | Dipl.-Phys.Ing. Entwicklung eCommerce
[leidinger@bpanet.de] 
Black Point Arts Internet Solutions GmbH
http://www.bpanet.de