We are building an eCommerce site using CFMX 7 on IIS 6 and
would like to know how, once we have a certificate installed, we
can be sure a page connection is secure and someone has not typed an
http:// address instead of an https:// address.
CGI.HTTP_REFERER will have the full path from the client if
your page was reached by a link or a form post. Coming from a
bookmark or typing in the URL does not produce an HTTP_REFERER,
however.
You're best off using the settings built into your internet
server (i.e. IIS) rather than trying to validate via the
application server (CF). We've done this on our servers, but not
being the person who did it, I can't really offer much in the way of
step-by-step instructions. Check Google.
Another question though. We have a sign-in on every page on
the site allowing people to access their account details. However,
the sign-in processor is in the secure folder. So the checking for
443 error kicks them out when they submit their details. I have
tried setting action="https://www.- - - - -/ but it still does not
connect securely. Is there any way I can post a form securely from a
non-secure page? (I suspect I know the answer)
Why not make the sign on page SSL too? Seriously, I *never*
sign into a site without the login form secure too...otherwise I leave!
Do a little research and you'll find someone (really bored) could sniff
the form for values...which as you've found, is not secure just by
specifying https as the action.
HTH
--
Tim Carley
www.recfusion.com
info@NOSPAMINGrecfusion.com
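
An added example, not code from any poster in this thread: an Application.cfc for CFMX 7 that checks the connection on every request, so the page carrying the sign-in form is served over SSL as well as the processor it posts to. It assumes the whole site is served over https; the application name and `www.example.com` host are placeholders.

```cfml
<!--- Application.cfc (added example; application name and host are placeholders) --->
<cfcomponent output="false">
    <cfset this.name = "shop_example">
    <!--- Fixed host name for redirects, so the target never comes from the request's Host header --->
    <cfset variables.canonicalHost = "www.example.com">

    <cffunction name="isSecureRequest" access="private" returntype="boolean" output="false">
        <!--- SERVER_PORT_SECURE is 1 and HTTPS is "on" when the request arrived over SSL --->
        <cfreturn (cgi.server_port_secure EQ 1) OR (cgi.https EQ "on")>
    </cffunction>

    <cffunction name="onRequestStart" access="public" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <cfset var target = "https://" & variables.canonicalHost & cgi.script_name>

        <cfif isSecureRequest()>
            <cfreturn true>
        </cfif>

        <cfif cgi.request_method EQ "GET" OR cgi.request_method EQ "HEAD">
            <!--- Typed or bookmarked http:// address: send the browser to the same page over https --->
            <cfif len(cgi.query_string)>
                <cfset target = target & "?" & cgi.query_string>
            </cfif>
            <cflocation url="#target#" addtoken="no">
        </cfif>

        <!--- A form posted over http has already crossed the network in clear text;
              refuse to process it rather than redirecting --->
        <cfheader statuscode="403" statustext="SSL required">
        <cfabort>
    </cffunction>
</cfcomponent>
```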