Mon Nov 9 10:42:23 UTC 2009
enabled, and the page has been accessed via http
If these are the only two circumstances that call the violation page, it
seems that a login form is not the appropriate content to deliver. Would
it not be more appropriate for the violation page to either redirect to
the requested page using https or display an error message?
Perhaps the decision to use the login form approach was intentional in
handling injection attempts. If that's the case, would it cause any
problems if the violation page's content were to be something like the
[if session shost]
...standard violation content w/ login/logout messages & forms...
...bounce to secure url of requested page ...
Hopefully this question makes sense and I've provided enough context.
I'm running Interchange version 5.4.2
Global Focus Digital Media, LLC
More information about the interchange-users