[opencms-dev] Securing OpenCms workplace login

Sebastian Himberger sebastian.himberger at gmx.de
Thu Feb 10 20:18:15 CET 2005 

Hi Jeremy

you're right, multiple hosts for one ip are not possible because the 
handshake is happening before the virtual host ist resolved. although it 
  is possible to build a https proxy with mod_proxy and mod_rewrite. I 
don't know if this helps in your particular case but i've attached an 
example how i achieved ssl for multiple virtual hosts.

# SSL Proxy
<VirtualHost *:443>
   DocumentRoot "/"
   ServerName ssl.server.de
   SSLCertificateFile conf/ssl/server.cert
   SSLCertificateKeyFile conf/ssl/server.key
   SSLEngine on
   RewriteEngine on
   RewriteCond (%{HTTP_HOST}) host\.de
   RewriteRule ^(.*) http://www.host.de$1 [P]
   RewriteCond (%{HTTP_HOST}) host2\.de
   RewriteRule ^(.*) http://www.host2.de$1 [P]
</VirtualHost>

I don't know if this works with cookies but perhaps it may help you a 
little bit.

Good luck
Sebastian

Jeremy Cavagnolo wrote:
> Thanks for the suggestions.  It seems to me that I would have to modify
> the OpenCms login module to add javascript MD5 encryption.   However,
> upon more digging, I found the following in opencms-system.xml:
> 
> <passwordhandler    
>         class="org.opencms.security.CmsDefaultPasswordHandler">
>      <encoding>UTF-8</encoding>
>      <digest-type>MD5</digest-type>
>      <param name="compatibility.convert.digestencoding">false</param>
> </passwordhandler>
> 
> Is there any documentation on the passwordhandler in
> opencms-system.xml?  Does this default configuration use javascript to
> encrypt the password BEFORE sending it?
> 
> Thanks,
> 
> jeremy
> 
> 
> 
> On Thu, 2005-02-10 at 09:42, Jorge González wrote:
> 
>>Sorry if this doesn't work for you but...
>>
>>Why don't you send the password hash instead clear.
>>You can use a simple javascript md5 hash and send the hash, not the password
>>thru the wires.
>>
>>If you need all the info secured, this will not work, of course...
>>
>>
>>
>>_______________________________________________
>>This mail is send to you from the opencms-dev mailing list
>>To change your list options, or to unsubscribe from the list, please visit
>>http://mail.opencms.org/mailman/listinfo/opencms-dev
> 
> 
> 
> 
> _______________________________________________
> This mail is send to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://mail.opencms.org/mailman/listinfo/opencms-dev
>

More information about the opencms-dev mailing list