I think admin-init could first check for the nsd.tcl value (still supported for legacy reasons):
<blockquote><pre>
ad_parameter RestrictToSSl acs-subsite
</pre></blockquote>
followed by a modified form of the query that joins explicitly with the parameters table to only process those rows that have the parameter set on. The ad_parameter call inside the loop would then disappear. This would be fast, I'm sure.
<p>
Yes, this breaks abstraction but sometimes for performance reasons we can live with doing this, I think.
<p>Actually a slight improvement abstraction-wise would be to write a new proc in defs-procs that returns a list of package_ids for all packages which have a particular parameter set to a particular value. This proc could be grouped with the various procs that deal with parameters (including ad_parameter itself) so would move the dependency on the apm table structure to a common place.
<p>Then admin-init itself wouldn't be dependent on the apm datamodel.
<p>It sounds like a solution for the graphics issue's been found.
<p>As far as restricting logins only ... maybe another "RestrictLoginToSSL" parameter local to acs-subsite and looked at by the login pages themselves would be OK? The current filter value ("admin/*") that RestrictToSSL defaults to doesn't cover the login pages, and usually one doesn't want to set the filter to "/*" (!) ...
