Forum OpenACS Improvement Proposals (TIPs): Re: TIP #75 Add support for HTTPS proxy
6: Re: TIP #75 Add support for HTTPS proxy (response to 1)
Posted by Andrew Grumet on 02/23/05 05:51 PM
My only concern is that if you are not running a Pound proxy, you are not protected against bogus headers. That feels wrong, though I can't immediately think of a reason why someone would want to fake these.
How about a parameter for enabling or disabling the header checking? It should be off by default.
However, this involves a more substantial change and
requires upgrade scripts to the data model.
Are we talking about anything more than one new parameter (it could be a space-separated list)? Adding a new parameter is a simple change to the package info file, no upgrade scripts are needed.