In the past, I have always handled secure sections of websites using IIS.
You put the files you want to transfer data securely in a folder and you
indicate that in IIS. If you really need to force the url, then I have also
encountered code that picks up the current domain or server and then
concatenates the url accordingly.
Now, I have this site that someone else set up and they have hard-coded the
links with the https prefix to force them to be handled securely (not to
mention some other plain ol' links as well). Why would they not setup secure
directories? I can't remember if IIS prevents you from running the pages in
a non-secure mode. Of course, the other major problem with this in that it's
a pain in the *** if you're using a test server. Anyone know why someone
would do this? Is there some search engine penalty if you don't hard code
full urls in html? Another interesting thing is that this is buried in
asp.net controls, which I don't even expose links, so I really don't
understand why that is not done using relative links, unless there is some
goofy-ness with these controls living in the bin folder. At any rate, I
usually use relative pathing myself just to keep my sanity when testing.
All opinions are welcome, before I set about trying to correct this mess! 2 1210
Might be worth seeing if you can contact the developer and get their
reasons. I see no technical reason why you need to code the URLs using
https:// except where one is switching from a http:// site over to a
https:// site
Cheers
Ken
"Ron Weldy" <ro******@msn.com> wrote in message
news:%2****************@TK2MSFTNGP12.phx.gbl... In the past, I have always handled secure sections of websites using IIS. You put the files you want to transfer data securely in a folder and you indicate that in IIS. If you really need to force the url, then I have also encountered code that picks up the current domain or server and then concatenates the url accordingly.
Now, I have this site that someone else set up and they have hard-coded the links with the https prefix to force them to be handled securely (not to mention some other plain ol' links as well). Why would they not setup secure directories? I can't remember if IIS prevents you from running the pages in a non-secure mode. Of course, the other major problem with this in that it's a pain in the *** if you're using a test server. Anyone know why someone would do this? Is there some search engine penalty if you don't hard code full urls in html? Another interesting thing is that this is buried in asp.net controls, which I don't even expose links, so I really don't understand why that is not done using relative links, unless there is some goofy-ness with these controls living in the bin folder. At any rate, I usually use relative pathing myself just to keep my sanity when testing.
All opinions are welcome, before I set about trying to correct this mess!
I once asked a developer why they used absolute oaths instead of relative
paths. They said that was the only thing that worked. Obviously they did
not know how to use relative paths...
As Ken says, you need to use it when you change over to https from http.
--
Regards,
Kristofer Gafvert www.gafvert.info - My Articles and help www.ilopia.com
Ron Weldy wrote: In the past, I have always handled secure sections of websites using IIS. You put the files you want to transfer data securely in a folder and you indicate that in IIS. If you really need to force the url, then I have
also encountered code that picks up the current domain or server and then concatenates the url accordingly.
Now, I have this site that someone else set up and they have hard-coded
the links with the https prefix to force them to be handled securely (not to mention some other plain ol' links as well). Why would they not setup
secure directories? I can't remember if IIS prevents you from running the pages
in a non-secure mode. Of course, the other major problem with this in that
it's a pain in the *** if you're using a test server. Anyone know why someone would do this? Is there some search engine penalty if you don't hard code full urls in html? Another interesting thing is that this is buried in asp.net controls, which I don't even expose links, so I really don't understand why that is not done using relative links, unless there is
some goofy-ness with these controls living in the bin folder. At any rate, I usually use relative pathing myself just to keep my sanity when testing.
All opinions are welcome, before I set about trying to correct this mess! This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Aaron |
last post by:
Hey, I have a question about how secure the following will be....
I want to have a login form that posts to itself, so when it loads it checks
if there is a username and password on the query...
|
by: Rainer Rosenberger |
last post by:
Hello, in an intranet we have the requirement to communicate between two
browser windows, e.g. read hidden fields or execute functions in other
window. This works fine as long as both windows come...
|
by: Dan V. |
last post by:
Situation:
I have to connect with my Windows 2000 server using VS.NET 2003 and C# and
connect to a remote Linux server at another company's office and query their
XML file. Their file may be...
|
by: dtblankenship |
last post by:
Hello all,
I am creating an application which must send an email once all has been
submitted to the user with a confirmation. In my workplace, we're
required to use a remote SSL SMTP server to...
|
by: Iulian Ionescu |
last post by:
I have a page (http://www.something.com/) and a secure page (https://secure.something.com) and the secure.something.com points to http://www.something.com/secure/
All works ok, but, when I...
|
by: sharp2037 |
last post by:
Hi Everyone,
I am working on an ASP.net application and I have a homepage to which
everyone visits of course and on that front page I have a user ID and
password box and a login button.
What...
|
by: Laszlo Nagy |
last post by:
Hello,
I'm trying to create a simple XMLRPC server and a client. It is a small
application, but the connection needs to be secure. I would like the
client to be as thin as possible. Ideally, the...
|
by: rb |
last post by:
I'm writing an application that should have few pages secure
(signin, account management etc) and a bunch of pages that are
"public" (http, non-secure).
I thought that because the way...
|
by: knal |
last post by:
Hi there,
I'm looking for a secure login script for a sort-of-community site...
(PHP, MySQL, sessions, or maybe something else ... )
I know there are a lot of scripts out there, but none of them...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
| |