[NSRCA-discussion] Problems logging in to NSRCA Web Forum
Robert L. Beaubien
rob at koolsoft.com
Wed Dec 29 07:55:17 AKST 2010
Understood. One other suggestion that might be easiest of all. Make
www.nsrca.us a separate website that has only one page/function that
redirects to the correct website.
- Robert Beaubien
- NSRCA District 7 Webmaster
-
"No trees were harmed in the sending of this message, however a large
number of electrons were terribly inconvenienced."
-----Original Message-----
From: nsrca-discussion-bounces at lists.nsrca.org
[mailto:nsrca-discussion-bounces at lists.nsrca.org] On Behalf Of Martin X.
Moleski, SJ
Sent: Wednesday, December 29, 2010 9:52 AM
To: General pattern discussion
Subject: Re: [NSRCA-discussion] Problems logging in to NSRCA Web Forum
On 12/29/2010 11:44 AM, Robert L. Beaubien wrote:
> It would probably help a lot to use relative file names so that it
> wouldn't matter if they used www.nsrca.us or nsrca.us at all.
You are, of course, correct.
The exploit in December took advantage of .htaccess, where it is not
hard to put in a rewrite rule. My efforts to restore .htaccess as part
of our system hit a dead end and I have not gone back to see whether I
can revive it.
> Typing www.{domain} is a habit I have when typing a url.
Understood. I saw anomalies for more than a year because I had a
bookmark for nsrca.us with "www" in it. That's how I learned that a
cookie for "www.nsrca.us" does not substitute for one given for
"nsrca.us".
> Either that, or an automatic redirect when the wrong host header is
> receive to the correct host header. I'm not sure how you would go
> about this using .PHP, but in .net it is simply a matter of using the
> Session_Start method in the global.asax , check the host header and
> redirect from there if necessary.
There may be a way to fix it in PHP, but that would involve a "core
hack" both in Joomla and in the Forum software. The best place to catch
it would be in a rewrite rule in .htaccess.
I'm not going to have time to play with that any time soon ...
Marty
_______________________________________________
NSRCA-discussion mailing list
NSRCA-discussion at lists.nsrca.org
http://lists.nsrca.org/mailman/listinfo/nsrca-discussion
More information about the NSRCA-discussion
mailing list