[ previous ] [ next ] [ threads ]
 
 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] https?
 Date:  Sun, 12 Sep 2004 16:53:58 -0700 (PDT) 
On Wed, 1 Sep 2004, Helge Aksdal wrote:
> On Wed, 1 Sep 2004 16:49:56 -0400 (EDT), Matthew Juszczak
> <matt at atopia dot net> wrote: > Is it possible to use https with m0n0wall's
> radius authentication feature?  The form would have to post to
> https://<server> instead of the <form method="post" action=""> as it
> shows now.

That's not quite the right way to do it.  Although there's nothing wrong
in principle with sending a secure filled-in form from an insecure blank
form, if you want the user to see the reassuring little "secure" icon you
need to server the blank form via HTTPS.  Once you do that, using a
relative URL for the POST will inherit the HTTPS.

At least one browser will actually *warn* about sending a secure form from
an insecure page.  Three guesses which vendor. :-)

					Fred Wright

> It's on the todo list.
> http://m0n0.ch/wall/todo.php