Forum OpenACS Improvement Proposals (TIPs): Re: TIP #75 Add support for HTTPS proxy

Collapse
Posted by Andrew Grumet on
My only concern is that if you are not running a Pound proxy, you are not protected against bogus headers. That feels wrong, though I can't immediately think of a reason why someone would want to fake these.

How about a parameter for enabling or disabling the header checking? It should be off by default.

However, this involves a more substantial change and
requires upgrade scripts to the data model.

Are we talking about anything more than one new parameter (it could be a space-separated list)? Adding a new parameter is a simple change to the package info file, no upgrade scripts are needed.