Forum OpenACS Q&A: Re: restrict login to ssl

Collapse
3: Re: restrict login to ssl (response to 2)
Posted by Joel Aufrecht on
I played with this before - setting up a web site so that it is impossible for a user to send their password in plain text.  I was able to accomplish it with just the parameters (in kernel and site map, I think) but 1) I didn't fully test by sniffing the HTTP streams, so I'm not sure the password doesn't go through and 2) It broke a lot of graphics and stylesheets.  This would be a nice thing to have written up as a feature request, because it ought to be a single check-box in the parameters.