[ previous ] [ next ] [ threads ]
 From:  "Alexander C.H. Lorenz" <al at dsncon dot de>
 To:  Dinesh Nair <dinesh at alphaque dot com>
 Cc:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] Captive portal authenfication via https
 Date:  Wed, 04 Aug 2004 18:38:28 +0200
Dinesh Nair wrote:

>On Wed, 4 Aug 2004, Alexander C.H. Lorenz wrote:
>>we want to use ssl as authenfication for captive portal users. Its
>>possible or not? We want to code these, but we need the input hw we can
>>change these ... Maybe a ssl-wrapper or via a small popup. At the moment
>>a attacker can sniff the input I given via http ...
>why don't you spawn the captive portal's mini_httpd as a https daemon ?
we use only https as server - but we can only connect via http ..
thats my problem, and I didn't found any rules for it ...
The problem is, when a user make a http request, the better solution 
might be to redirect the authentification into a ssl sesson.
Or whats your opinion?

- Alex