Mixed http and https environment

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.
This thread is closed to new posts. You must sign in to post in the forums.
10/15/2007 8:03:15 AM
Gravatar
Total Posts 11

Mixed http and https environment

I will be running mojoportal in an environment where some people will be using an HTTP session, and others will be using an HTTPS session.  According to the documentation, it appears as if mojo is an all-or-nothing when it comes to https.  Is it possible to have some people connect via https, while others use a non-secure connection?  If so, how do I configure mojoportal?

10/15/2007 8:51:51 AM
Gravatar
Total Posts 18439

Re: Mixed http and https environment

Whether the page is secured by https should be based on the security needs of the content not by which user is viewing it. If the data should be encrypted in travelling over the wire for one user why would you ever want the same thing unencrypted for someone else. It doesn't make sense to me what you are asking. Can you explain a scenario where this would be desireable?

 

Joe

10/17/2007 8:45:14 AM
Gravatar
Total Posts 11

Re: Mixed http and https environment

Our network setup is slightly unusual.  If a user is inside the office network, they connect to our intranet via HTTP.  If they are outside the office network, they must connect via HTTPS.  However, the HTTPS does not work from inside the office network.

10/18/2007 3:34:54 PM
Gravatar
Total Posts 18439

Re: Mixed http and https environment

Ok, the problem you are trying to solve makes more sense to me now. I'm imagining your environment is like this: You have a web server with one web site configured on an external ip address for public consumption and one on an internal address for your intranet, but pointing to the same physical folder as the external site. You have an SSL certificate on the external site but not on the internal site. Is that about right?

In that scenario what I would do is download the IIS Resource Kit which has a tool for generating a self signed ssl certificate. I would use that to generate an ssl certificate for your intranet (and you can also use it to generate an ssl cert for dev machines for testing under ssl). I can see no downside to encrypting the data whether its on the public or private side. Your private network is probably more secure but this way even if someone gets access to sniff packets on your private network they still can't get the data.

Hope it helps,

Joe

You must sign in to post in the forums. This thread is closed to new posts.