[Typo3] typo3 SSL encrypted pages and login

Vincent typo3 at crel.us
Wed Oct 12 07:43:41 CEST 2005 

On Mon, Oct 10, 2005 at 05:19:43PM +0200, Steffen M?ller wrote:
> On 09.10.2005 01:18 Vincent wrote:
> > Update:
> > 
> > I discovered it is not actually encrypting the whole site.  Rather,
> > just the left frame with the index.  If I hover the mouse over the
> > links in the index, they show as https URL's but when I click on one,
> > it is actually an http url.  Then once I log out, the left frame stays
> > encrypted.  It appears that the whole site is encrypted because the
> > location bar still shows an https url but If I load the main (right)
> > frame in a new window, it is actually an http url.
> > 
> > When I log out, the left frame stays encrypted.  Is this a bug?
> > 
> 
> For me, SSL is ok without frames.
> Does it work, if you use a frameless templete?

Ok, I tested it with a frameless static template on the quickstart site.
The login page worked properly under SSL and the rest of the site was
not encrypted after logging in, which I would consider correct behavior.
Only one thing did not seem to work properly.  The login element on the
front page did not know I was logged in and still showed the login form,
so I still had to go to the separate login page to log out.  As
I mentioned before, the lz_https (Secure/Unsecure) extension, did not
have that problem, so I assume that is not the correct behavior.  

Shouldn't the SSL extension work properly with frames when using the
login element?  That is kind of limiting for such a powerful CMS to not
be able to use frames and have a correctly functioning SSL login.

Other than that, typo3, so far, seems like an awesome CMS.  It is a big
learning curve as they say but it looks like it will be worth it in the
long run.  In fact, one of the top 4 reasons that I chose typo3 to start
learning out of all the CMS's I evaluated is that cmsmatrix.org listed
it as having SSL login and encrypted page capability.  In fact SSL
security is important enough for us that it would have been a deal
breaker if it did not have it, if there were any other options that did.
I was surprised to discover that most of the other CMS's are not listed
has having that fundamental feature.

-- 
Avoid the VeriSign/Network Solutions domain registration trap!
Read how Network Solutions (NSI) was involved in stealing our domain name.
http://inetaddresses.net/about_NSI.html

More information about the TYPO3-english mailing list