From: George C. <gc...@gr...> - 2007-08-29 19:46:32
|
adding developer listserv to this as at least part of the question is code-related i'll let others comment on the substance ________________________________ From: mif...@li... [mailto:mif...@li...] On Behalf Of Andrew White Sent: Wednesday, August 29, 2007 12:40 PM To: Mifos functional discussions Subject: [Mifos-functional] http vs https for access to Mifos Hi all, Here in Honduras we are hoping to force all the traffic to our Mifos implementation through an SSL (https) session so that usernames and passwords, as well as financial data, to not cross the Internet in cleartext. While forcing a normal web session through https via http can be easily accomplished via configuration settings in Tomcat+JBoss, I am concerned that some of the html that is output to the client's browser (e.g . via javascript) will output http: links. A quick glance through some of the code seems to show this concern is indeed valid ... I see references to http methods but am not sure if http links are output to the client browser. Does anyone know if this concern is indeed justified? Does anyone else have the concern that there is no encryption supported for Mifos sessions? -Andrew |