Re: [IUG] Secure/Nonsecure mixed content warning in OPAC


>>> On 12/15/2010 at 01:50 PM, "Weiland, Joshua" <joshw at evpl dot org> wrote:
> I'm not sure why this "/forward/" command is undocumented!

It could be a case where documenting the feature would mean that you have to continue supporting it, or it could be a case where something was developed for internal use (URL checker maybe?) and never made it to the public documentation. Rendering in or checking responses to HTTP requests to remote servers is a fairly common need for many web applications. Unlike the rewriting proxy server, the /forward/ command link does not appear to modify the content.

While using the /forward/ command link does encrypt the connection between the WebPac and the client, it does not encrypt the connection between the WebPac and the remote server, which would still be susceptible to the same MITM attack as a direct call to the non-secure remote server.

It's best practice to URL-encode the URL that is being forwarded, as the slashes are reserved in the path segment.

HTH,
David



_____________________________________________________________________
David Jones mailto:djones at scu dot edu
Library Systems Manager http://www.scu.edu/library/
University Library fax: 408-551-1805
Santa Clara University phone: 408-551-7167
500 El Camino Real
Santa Clara CA 95053-0500
_____________________________________________________________________
Logic must take care of itself.
-- Wittgenstein, Notebooks, 1914-196, 22.8.14



