LimeSurvey issue tracker
Registration

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
07405Feature requests[All Projects] Authenticationpublic2010-04-26 15:162010-04-26 15:16
Reporterjelo 
Assigned To 
PrioritynormalSeverityfeature 
StatusacknowledgedResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary07405: SSLencrypted Adminlogin without enforcing SSLencrypted access to the surveys
Description
The setting of $rooturl = "http://$_SERVER['HTTP_HOST'] [^] only allows you to set https or http . No casewise SSLencryption.

Often installations are using selfsigned certs which will produce cryptic messages beside adding load when just delivering surveys to respondents.

A workaround is leaving the $rooturl empty. But that is causing problems with e.g. links in emails incorrect.

To use rewrite url routine of the webserver is another.

Additional InformationA possible solution: Offer a separate admin url in the config.php

With the separate admin url setting the SSL can be enforced when loggin in without causing any problems on the frontend side.
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
There are no notes attached to this issue.

Issue Community Support
Only registered users can voice their support. Click here to register, or here to log in.
Supporters: DenisChenu
Opponents: user1, tringate, jjmartinez

- Issue History
Date Modified Username Field Change


Copyright © 2000 - 2014 MantisBT Team
Powered by Mantis Bugtracker