I'm trying to use the ssl requirement plugin with the restful authentication plugin and I have a question that I'm having trouble finding the answer to.
我正在尝试将ssl要求插件与restful认证插件一起使用,我有一个问题,我无法找到答案。
When allowing a user to login from a non-SSL action/page, should I require SSL on the session's create action for increased security, or is that overkill?
当允许用户从非SSL操作/页面登录时,我是否应该在会话的创建操作上要求SSL以提高安全性,或者是否过度杀伤?
If so, how do I get the create action to work going from non-SSL to SSL? It throws a ActionController::MethodNotAllowed exception stating "Only post and delete requests are allowed".
如果是这样,我如何让创建操作从非SSL到SSL工作?它抛出一个ActionController :: MethodNotAllowed异常,指出“只允许发布和删除请求”。
Thanks.
1 个解决方案
#1
I'm working on the same thing here. I think that you should set up the SSL requirement to be used on the session create, because that is the moment when you are handling sensitive information to the server.
我在这里做同样的事情。我认为您应该设置要在会话创建中使用的SSL要求,因为这是您将敏感信息处理到服务器的时刻。
#1
I'm working on the same thing here. I think that you should set up the SSL requirement to be used on the session create, because that is the moment when you are handling sensitive information to the server.
我在这里做同样的事情。我认为您应该设置要在会话创建中使用的SSL要求,因为这是您将敏感信息处理到服务器的时刻。