I think that technically only your form submit should be posted to a SSL based url and the rest doesn't have to. Which shouldn't be so hard. Just setup the 'post to' url in the template (under: form action="" ) or define in the view method where the form is initiated just before rendering.
Thing I'm wondering about though, when the user/password combi is incorrect the most secure way would be to simply send the empty form back in the resulting page, because otherwise a username might be sent back to the client outside the SSL connect. Haven't looked for it yet, but I do want to implement that myself. Lets post if we find anything :) Regards, Gerard. Jani Tiainen wrote: > I'm trying to get Django to make authentication (namely username + > password) to be transferred over HTTPS. But rest of the site is still on > plain old HTTP. > > How this can be done? I've very little success and google didn't gave > much of help either. > > I'm using Apache 2.2 with mod_wsgi and I've total control over my > webserver config. > -- self.url = www.gerardjp.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
