• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Checking for secure connection

Community Beginner ,
Jan 12, 2007 Jan 12, 2007

Copy link to clipboard

Copied

We are building an eCommerce site using CFMX 7 on IIS 6 and would like to know how, once we have a certificate installed, we can be sure a page connection is secure and someone has not typed a http:// address instead of a https:// address

Thanks
TOPICS
Advanced techniques

Views

360

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Jan 12, 2007 Jan 12, 2007

Copy link to clipboard

Copied

CGI.HTTP_REFERER will have the full path from the client if your page was reached by a link or a form post. Coming from a bookmark or typing in the URL does not produce a HTTP_REFERER, however.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Jan 12, 2007 Jan 12, 2007

Copy link to clipboard

Copied

You're best off using the settings built into your internet server (i.e. IIS) rather than trying to validate via the application server (CF). We've done this on our servers, but not being the person who did it I can't really offer much in the way of step-by-step instructions. Check google.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Jan 12, 2007 Jan 12, 2007

Copy link to clipboard

Copied

check the #cgi.server_port# for 443
and/or
cgi.https (on/off value)

if the cgi.server_port neq 443 then redirect or if cgi.https is off then
redirect
hth
--
Tim Carley
www.recfusion.com
info@NOSPAMINGrecfusion.com

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Jan 16, 2007 Jan 16, 2007

Copy link to clipboard

Copied

Thanks for the suggestion. Works perfectly.

Another question though. We have a sign in on everypage on the site allowing people to access theur account details. However the sign-in processor is in the secure folder. So the checking for 443 error kicks them out when they submit their details. I have tried setting action="https://www.- - - - -/ but it still does not connect securely. Is there anyway i can post a form securely from a non-secure page? (I suspect i know the answer)

Rob

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Jan 16, 2007 Jan 16, 2007

Copy link to clipboard

Copied

Why not make the sign on page SSL too? Seriously, I *never* sign into a
site without the login form secure too...otherwise I leave! Do a little
research and you'll find someone (really bored) could sniff the form for
values...which as you've found, is not secure just by specifying https
as the action.
HTH
--
Tim Carley
www.recfusion.com
info@NOSPAMINGrecfusion.com

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Jan 16, 2007 Jan 16, 2007

Copy link to clipboard

Copied

LATEST
Thanks for that answer, I will have to do a little remodelling.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation