Robotics PM Wiki SSL Login

InternalPub.RoboticsPMWikiSSLLogin History

Hide minor edits - Show changes to markup

December 11, 2006, at 03:12 PM by phoebusc -
Changed lines 10-12 from:

You'll also notice some quirks in the user interface given how PMWiki implements HTTPS. The SSL fix from PMWiki replaces the http:// heading on all internal links to pages within the wiki linked from a protected page (an Internal page, or an edit page) with https://, despite the fact that they are pages viewable to the public and should not be encrypted. Therefore, whenever you navigate from a protected page to a public page, you will get warnings that parts of the public page are not encrypted. The PHP fix to make PMWiki use HTTPS delivers the public page over https:// but then switches over to http:// partway. Note that the links on this public page are no longer prepended by https://, but by http:// as it is suppose to.

to:

You'll also notice some quirks in the user interface given how PMWiki implements HTTPS. The SSL fix from PMWiki replaces the http:// heading on all internal links to pages within the wiki linked from a protected page (an Internal page, or an edit page) with https://, despite the fact that they are pages viewable to the public and should not be encrypted. Therefore, whenever you navigate from a protected page to a public page, you will get warnings that parts of the public page are not encrypted. The PHP fix to make PMWiki use HTTPS delivers the public page over https:// but then switches over to http:// partway through the process. Note that the links on this public page are no longer prepended by https://, but by http:// as it is suppose to.

December 11, 2006, at 03:11 PM by phoebusc -
Added lines 1-13:

When you try to edit pages or view Internal pages on this wiki, you'll need to login. The login page is served over HTTPS/SSL so that your passwords are encrypted. In Firefox or Internet Explorer, you can look for the lock icon next to the URL in the address bar or in the lower right hand corner of your browser on the status bar to indicate that the connection is encrypted.

Whenever you navigate from Internal pages to public (viewable without logging in) pages, or whenever you finish an edit on a page and return to a public page, you will get warnings that parts of the page is not encrypted. In Firefox, this warning comes as a crossed out lock icon (double click it for more info) and in Internet Explorer you get a pop up dialog box. These should be harmless. To understand what is really going on, read the technical details section below.

Technical Details

You'll notice also that the "Edit" pages and the "Internal" pages are also served over HTTPS. While this may result in suboptimal server speeds, this is due to the nature of how PMWiki implements HTTPS.

You'll also notice some quirks in the user interface given how PMWiki implements HTTPS. The SSL fix from PMWiki replaces the http:// heading on all internal links to pages within the wiki linked from a protected page (an Internal page, or an edit page) with https://, despite the fact that they are pages viewable to the public and should not be encrypted. Therefore, whenever you navigate from a protected page to a public page, you will get warnings that parts of the public page are not encrypted. The PHP fix to make PMWiki use HTTPS delivers the public page over https:// but then switches over to http:// partway. Note that the links on this public page are no longer prepended by https://, but by http:// as it is suppose to.

If you have security concerns, or see a loophole in this, please contact Phoebus or Jonathan.