No subject


Mon Nov 9 10:42:23 UTC 2009


enabled, and the page has been accessed via http

If these are the only two circumstances that call the violation page, it
seems that a login form is not the appropriate content to deliver. Would
it not be more appropriate for the violation page to either redirect to
the requested page using https or display an error message?

Perhaps the decision to use the login form approach was intentional in
handling injection attempts. If that's the case, would it cause any
problems if the violation page's content were to be something like the
following?

[if session shost]
...standard violation content w/ login/logout messages & forms...
[else]
...bounce to secure url of requested page ...
[/else]
[/if]

Hopefully this question makes sense and I've provided enough context.

I'm running Interchange version 5.4.2


Thanks!
Tom

-- 
_______________________________
Global Focus Digital Media, LLC
www.globalfocusdm.com



!DSPAM:4b29402f167892732284068!





More information about the interchange-users mailing list