staying in SSL
Stefan Scott
lists at ruby-forum.com
Sat Feb 14 07:40:05 MSK 2009
Rob Schultz wrote:
> On Feb 13, 2009, at 9:06 PM, Stefan Scott wrote:
>> is gonna be a whole 'nother can of worms I guess.)
>>
>
> You are going to open yourself up to security issues if you go to a
> http after authentication. All your information will be able to be
> sniffed and potentially get the session id for your current session
> and get into your phpmyadmin install that way. if you want it to be
> secure you need to start on https and stay on https.
OK, thanks for the heads-up! I'll just stay in https for the whole
session then.
--
Posted via http://www.ruby-forum.com/.
More information about the nginx
mailing list