Release Support > 0.1 beta 2

Using SSL to log in

(1/2) > >>

Adam:
Morning guys and gals,

I have searched but can't quite find an answer to my question, apologies if it has been asked before.

I know I can secure Roundcube using my ssl but what I would like to do is only secure the log in page. So if someone goes to http://mail.domain.net or https://mail.domain.net when they click on submit the log on details are sent securely. Once inside roundcube it goes back to http://.

If it has been answered and someone knows where can you point me to the right thread?

Thanks

Adam  :D

Ichiban:
Agreed. This would be a great feature. Right now I just have eveyone use SSL for the entire session, but that's kind of overkill. SSL just for the authentication would be ideal. I looked at how to change the source to do this myself, but I'm only just learning PHP now. If no-one else gets to it, I'll be happy to tackle it once my skills are up to snuff.

cluge:

--- Quote ---I know I can secure Roundcube using my ssl but what I would like to do is only secure the log in page. So if someone goes to http://mail.domain.net or https://mail.domain.net when they click on submit the log on details are sent securely. Once inside roundcube it goes back to http://.
--- End quote ---

This can be done in apache with modrewrite. The HTTP login page will be redirected to the HTTPS login page, and once logged in you can return to HTTP by the same methodology.

See http://opensource.apress.com/article/61/9-useful-modrewrite-recipes

cluge

Adam:

--- Quote from: cluge ---
--- Quote ---I know I can secure Roundcube using my ssl but what I would like to do is only secure the log in page. So if someone goes to http://mail.domain.net or https://mail.domain.net when they click on submit the log on details are sent securely. Once inside roundcube it goes back to http://.
--- End quote ---

This can be done in apache with modrewrite. The HTTP login page will be redirected to the HTTPS login page, and once logged in you can return to HTTP by the same methodology.

See http://opensource.apress.com/article/61/9-useful-modrewrite-recipes

cluge

--- End quote ---

Any idea how.. I must confess to not being the best with modrewrite and the examples at the above link don't really help me :-\

Adam:
I've been talking to a colleague about this and he doesn't seem to think that we can use. htaccess as Roundcube uses AJAX and doesn't do a full postback. Just some javascript calls in the background. So for now I'm going to keep the whole thing SSL'd but would be interested if anyone figures it out.

There must be a way.... lol

Ad

Navigation

[0] Message Index

[#] Next page

Go to full version