Yep redir is solution to stupid users
On 28.12.2012 04:16, Benny Pedersen wrote:
> Yep redir is solution to stupid users
sorry but this is pure ignorance
i tend often to call users stupid but in this case if you are unable to provide a secure way for users not to bother about protocol prefixes the only stupid one is the admin
Reindl Harald wrote on 2012-12-28 04:32:
> On 28.12.2012 04:16, Benny Pedersen wrote:
>> Yep redir is solution to stupid users
> sorry but this is pure ignorance
+1
> i tend often to call users stupid
oh :)
> but in this case if you are unable to provide a secure way for users not to bother about protocol prefixes the only stupid one is the admin
haha, ignorance is all over :=)
why pay for ssl when (l)users can get the same content without ssl ?
example:
http://www.no-ssl.example.org/... webmail url ...
https://www.no-ssl.example.org/... webmail url ...
the https url is fine in the sense connection is encrypted, both pages show the same content, so more or less users don't care what protocol they use, hmm ?, this is unwanted by design
so diff hostname urls so it also gives 2 diff apache webroot dirs !
if users can't get that part right they will send me an sms to remind me of problems
and https webmail client will detect this mail as an insecure email if the webmail is on https, since i posted both http and https urls here, phishers have never seen this ?
On 28.12.2012 05:38, Benny Pedersen wrote:
>> but in this case if you are unable to provide a secure way for users not to bother about protocol prefixes the only stupid one is the admin
> haha, ignorance is all over :=)
> why pay for ssl when (l)users can get the same content without ssl ?
> example:
> http://www.no-ssl.example.org/... webmail url ...
> https://www.no-ssl.example.org/... webmail url ...
> the https url is fine in the sense connection is encrypted, both pages show the same content, so more or less users don't care what protocol they use, hmm ?, this is unwanted by design
> so diff hostname urls so it also gives 2 diff apache webroot dirs!
and how does this bullshit help you? you can deliver whatever content you want!
BUT the cookies are per hostname and so you will send your session cookies unencrypted, so the better way is to implement a redirect on the non-https side and make sure the client sends cookies only encrypted - i really do not get the point why you refuse to understand this?
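
Added example, not part of any message in the thread: it uses the Python standard library's cookie jar as a stand-in for a browser to show the point made in the last reply, that a session cookie issued over https is still attached to a later plain-http request to the same hostname unless it carries the `Secure` attribute. The hostname, cookie name and cookie value are constructed for the illustration.

```python
import email
import http.cookiejar
import urllib.request

HOST = "webmail.example.org"  # constructed hostname, not from the thread

# Constructed Set-Cookie values: the weak one lacks Secure, the hardened one has it.
WEAK = "SID=abc123; Path=/; HttpOnly"
HARDENED = "SID=abc123; Path=/; Secure; HttpOnly"


class FakeResponse:
    """Minimal offline stand-in for an HTTP response carrying a Set-Cookie header."""

    def __init__(self, set_cookie):
        self._msg = email.message_from_string(f"Set-Cookie: {set_cookie}\n\n")

    def info(self):
        return self._msg


def cookie_sent_over(scheme, set_cookie, host=HOST):
    """Return the Cookie header a client would attach to scheme://host/inbox
    after logging in over https on HOST, or None if no cookie is sent."""
    jar = http.cookiejar.CookieJar()
    login = urllib.request.Request(f"https://{HOST}/login")
    jar.extract_cookies(FakeResponse(set_cookie), login)

    later = urllib.request.Request(f"{scheme}://{host}/inbox")
    jar.add_cookie_header(later)
    return later.get_header("Cookie")


if __name__ == "__main__":
    for label, header in (("without Secure", WEAK), ("with Secure", HARDENED)):
        for scheme in ("http", "https"):
            sent = cookie_sent_over(scheme, header)
            print(f"{label:15} {scheme:5} -> {sent or 'no cookie sent'}")
```

The redirect on the http side only helps with the request that follows it; the first plain-http request has already left the client, which is why the cookie attribute matters as well.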