staying in SSL

Stefan Scott lists at ruby-forum.com
Sat Feb 14 07:40:05 MSK 2009


Rob Schultz wrote:
> On Feb 13, 2009, at 9:06 PM, Stefan Scott wrote:
>> is gonna be a whole 'nother can of worms I guess.)
>>
> 
> You are going to open yourself up to security issues if you go to a
> http after authentication. All your information will be able to be
> sniffed and potentially get the session id for your current session
> and get into your phpmyadmin install that way. if you want it to be
> secure you need to start on https and stay on https.

OK, thanks for the heads-up! I'll just stay in https for the whole 
session then.

-- 
Posted via http://www.ruby-forum.com/.





More information about the nginx mailing list