Reindl Harald skrev den 2012-12-28 04:32:
Am 28.12.2012 04:16, schrieb Benny Pedersen:
Yep redir is solution to stupid users
sorry but this is pure ignorance
+1
i tend often to call users stupid
oh :)
but in this case if you are unable to provide a secure way for users not to bother about protocol prefixes the only stupiud one is the admin
haha, ignorance is all over :=)
why pay for ssl when (l)users can get the same content without ssl ?
example:
http://www.no-ssl.example.org/... webmail url ... https://www.no-ssl.example.org/... webmail url ...
the https url is fine in the sense connection is encrypted, both pages shows same content, so more or less users dont care what protocol thay uses, hmm ?, this is unvanted by design
so diff hostname urls so it also gives 2 diff apache webroot dirs !
if users cant get that part right thay will send me a sms to remind me of problems
and https webmail client will detect this mail as a insecure email if the webmail is on https, since i posted both http and https urls here, phishers have never seen this ?