[Koha] Securing login pages

Chris Cormack chris at bigballofwax.co.nz
Fri Aug 22 20:41:42 NZST 2008


On Fri, Aug 22, 2008 at 6:31 PM, Time Ly <timepehi at yahoo.in> wrote:
> Hello,
>
> Does anyone have experience with securing (only) the login pages on
> OPAC/Intranet/both using HTTPS? Any help is appreciated.
>


Hi Time Ly

You have a couple of options, the easiest one is to change the
templates so that the form action for logging in goes to a https site,
that can then redirect to http site after login. The other option is
to have the page with form on it served as https, this is harder,
because the login form can appear on any page, so you cant just do a
redirect on certain urls.
I dont have a good idea how to accomplish the second one for the opac,
but for the intranet side, you could check if someone is logged in (by
checking the cookie) if not, redirect them to the login on the https
site.
For the opac, you dont have to be logged in, so you would probably
want to remove the login forms from everywhere and have a login page,
then serve that page as https

Hope this helps

Chris


More information about the Koha mailing list