10-31-2006, 01:37 PM
|
#2 (permalink)
|
| Senior Member Join Date: Jun 2003 Location: UK
Posts: 3,547
|
| |
Originally Posted by Ferman | |
i want to browse https:// urls without the need of installing cgiproxy on a secure server. do you know how to modify the code ?
| There is an option within nph-proxy.cgi to allow it. Code: # WARNING:
# EXCEPT UNDER RARE CIRCUMSTANCES, ANY PROXY WHICH HANDLES SSL REQUESTS
# SHOULD *ONLY* RUN ON AN SSL SERVER!!! OTHERWISE, YOU'RE RETRIEVING
# PROTECTED PAGES BUT SENDING THEM BACK TO THE USER UNPROTECTED. THIS
# COULD EXPOSE ANY INFORMATION IN THOSE PAGES, OR ANY INFORMATION THE
# USER SUBMITS TO A SECURE SERVER. THIS COULD HAVE SERIOUS CONSEQUENCES,
# EVEN LEGAL CONSEQUENCES. IT UNDERMINES THE WHOLE PURPOSE OF SECURE
# SERVERS.
# THE *ONLY* EXCEPTION IS WHEN YOU HAVE *COMPLETE* TRUST OF THE LINK
# BETWEEN THE BROWSER AND THE SERVER THAT RUNS THE SSL-HANDLING PROXY,
# SUCH AS ON A CLOSED LAN, OR IF THE PROXY RUNS ON THE SAME MACHINE AS
# THE BROWSER.
# IF YOU ARE ABSOLUTELY SURE THAT YOU YOU TRUST THE USER-TO-PROXY LINK, YOU
# CAN OVERRIDE THE AUTOMATIC SECURITY MEASURE BY SETTING THE FLAG BELOW.
# CONSIDER THE CONSEQUENCES VERY CAREFULLY BEFORE YOU RUN THIS SSL-ACCESSING
# PROXY ON AN INSECURE SERVER!!!
$OVERRIDE_SECURITY= 0 ; |
| |