Re: Deny non-ssl access for login web pages



In article <1148872352.188810.239110@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
"Warren" <warren.liyongbo@xxxxxxxxx> wrote:

Hi,

I'd like to know how I can deny non-ssl (non-https) access to my login
page, but after the user logs in, normal http should be used.

Should it be set at my web page or at my web server (OC4J
container) level?
Now I have both http and https on the web server enabled, but the
tester can access the non-secured login page by manually typing in
"http://....".

Any hints? Thanks.

I suggest you ask in the appropriate comp.infosystems.www.authoring.*
newsgroups.

--
Barry Margolin, barmar@xxxxxxxxxxxx
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***