cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Design question
No, it is not the case that all https pages must be authenticated. All
authenticated pages must be https, but that's not the same thing.
The CosignProtected (on/off) directive in conjunction with Location and
Directory directives can be used to selectively protect and unprotect
arbitrary portions of the https uri space. So turning off cosign
protection for a page called, for example, 'registration' might look
or like this:
On Mar 18, 2004, at 7:31 PM, Jonathan Maybaum wrote:
Is it correct that your implementation requires that all https pages
must be authenticated? If so, this presents a problem. We had a page
where people were able to register for a conference (including sending
credit card info). Since anyone is permitted to register, the page was
https, but did not require authentication. Now, apparently, the Cosign
filter will not allow us to have such a page. Is that right?
... "In, as you say, the mud." ...