[identity profile] margaretc.livejournal.com posting in [community profile] techrecovery
We have a web designer in-house who wants to set up his web pages so that once the user is logged in on a secure page there are redirects that send the user back to http/port 80/insecure/unencrypted web pages for the rest of the browsing session (this is the same guy it took 5 days to help buy a secure certificate).

We've worked for 3 or 4 days with mod_rewrite and weird redirect rules and finally actually got it WORKING, and he comes out with this gem:


It works as expected with a slight wrinkle. I've tried it in IE and the testing/ directory takes more than a few minutes to load and throws up numerous Security Alert popups, almost continuously, I think it is because the images and css files are in different directories than the php file, but for IE it's really a deal breaker. Perhaps we can find some code that fixes this?

Date: 2007-08-16 03:31 pm (UTC)
From: [identity profile] samwize.livejournal.com
Oh MAN! This guy is a complete tool. Light him on fire. Or at least push down a group policy that cranks his MenuShowDelay up into the 32000 range.

Date: 2007-08-16 04:23 pm (UTC)
From: [identity profile] jon787.livejournal.com
I'm surprised you actually helped him to begin with. People like that shouldn't be given control over any security stuff.

Date: 2007-08-16 05:46 pm (UTC)
From: [identity profile] cs-neo.livejournal.com
That's rough :(

Oh, and off topic, how is it that as soon as I saw that userpic, I knew you were a fellow member of the SCA? :)

Date: 2007-08-17 09:48 am (UTC)
From: [identity profile] japester.livejournal.com
Indeed. We are taking over the world.

Date: 2007-08-16 05:49 pm (UTC)
From: [identity profile] kalium.livejournal.com
KIIIIIIIIIIIIIIIIIILL!

I just have to ask...

Date: 2007-08-17 01:13 pm (UTC)
From: [identity profile] jakari.livejournal.com
Why bother?

Is the SSL overhead really that bad for your site volume? Bet it really doesn't add more time than jumping through mod_rewrite a dozen times.

And for all the hackery (time) you've put into it, could have bought a crypto accelerator for less.

Date: 2007-08-17 05:00 pm (UTC)
From: [identity profile] crazdgamer.livejournal.com
I'm not a web designer, and I have very little SSL/web security experience...

but would it not make sense to simply use SSL on ALL the pages that have to be secured instead of logging in secure and then going to non-secure pages?
