[opencms-dev] Securing OpenCms workplace login
Sebastian Himberger
sebastian.himberger at gmx.de
Thu Feb 10 20:18:15 CET 2005
Hi Jeremy
you're right, multiple hosts for one ip are not possible because the
handshake is happening before the virtual host ist resolved. although it
is possible to build a https proxy with mod_proxy and mod_rewrite. I
don't know if this helps in your particular case but i've attached an
example how i achieved ssl for multiple virtual hosts.
# SSL Proxy
<VirtualHost *:443>
DocumentRoot "/"
ServerName ssl.server.de
SSLCertificateFile conf/ssl/server.cert
SSLCertificateKeyFile conf/ssl/server.key
SSLEngine on
RewriteEngine on
RewriteCond (%{HTTP_HOST}) host\.de
RewriteRule ^(.*) http://www.host.de$1 [P]
RewriteCond (%{HTTP_HOST}) host2\.de
RewriteRule ^(.*) http://www.host2.de$1 [P]
</VirtualHost>
I don't know if this works with cookies but perhaps it may help you a
little bit.
Good luck
Sebastian
Jeremy Cavagnolo wrote:
> Thanks for the suggestions. It seems to me that I would have to modify
> the OpenCms login module to add javascript MD5 encryption. However,
> upon more digging, I found the following in opencms-system.xml:
>
> <passwordhandler
> class="org.opencms.security.CmsDefaultPasswordHandler">
> <encoding>UTF-8</encoding>
> <digest-type>MD5</digest-type>
> <param name="compatibility.convert.digestencoding">false</param>
> </passwordhandler>
>
> Is there any documentation on the passwordhandler in
> opencms-system.xml? Does this default configuration use javascript to
> encrypt the password BEFORE sending it?
>
> Thanks,
>
> jeremy
>
>
>
> On Thu, 2005-02-10 at 09:42, Jorge González wrote:
>
>>Sorry if this doesn't work for you but...
>>
>>Why don't you send the password hash instead clear.
>>You can use a simple javascript md5 hash and send the hash, not the password
>>thru the wires.
>>
>>If you need all the info secured, this will not work, of course...
>>
>>
>>
>>_______________________________________________
>>This mail is send to you from the opencms-dev mailing list
>>To change your list options, or to unsubscribe from the list, please visit
>>http://mail.opencms.org/mailman/listinfo/opencms-dev
>
>
>
>
> _______________________________________________
> This mail is send to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://mail.opencms.org/mailman/listinfo/opencms-dev
>
More information about the opencms-dev
mailing list