Can someone please explain the theory behind which pages should be secured?
Obviously the login pages should be secured so that passwords aren't sniffed. Once you are logged in I guess you are passing cookies back and forth.
Why are these pages secured by default: node/add*, node/*/edit? I'm not concerned if anyone sees the pages as I am saving them... only if they can edit things...
Thanks for any insight that can be provided.
Comments
Comment #1
Anonymous (not verified) commented
Hello,
Here is how I have the securepages module configured.
For "Make secure only the listed pages" I have listed:
admin*
user
user/login
user/register
user/password
I also disabled the login block and provided a new block that is shown for anonymous users which has a link that points to user/login.
That looks to be the best configuration.
Best, Paul
Comment #2
fletchgqc commented
Why do you secure admin*?
Comment #3
Anonymous (not verified) commented
My reasoning was to keep the configuration of any of my modules and any other information that may be posted using the admin pages private. If you don't secure admin* then you will always need to be aware of what information is being posted using these pages.
Comment #4
fletchgqc commented
I think that's a good argument.
Comment #5
fletchgqc commented
Comment #6
Anonymous (not verified) commented
Another ..
/user/*/edit
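
The path lists from this thread, checked against a few sample paths to see which requests would be forced onto HTTPS. This is an added example, not part of the original thread and not the securepages module's own code. It assumes `*` matches any run of characters, that patterns are matched against the whole path, and that a leading slash is ignored; the sample paths are constructed.

```python
import re

# List from comment #1, then the same list with the pattern from comment #6 added.
COMMENT_1 = ["admin*", "user", "user/login", "user/register", "user/password"]
WITH_COMMENT_6 = COMMENT_1 + ["/user/*/edit"]

# Constructed sample paths (not taken from the thread).
SAMPLE_PATHS = [
    "admin", "admin/build/modules", "administrator-guide",
    "user", "user/login", "user/1", "user/1/edit",
    "node/add/page", "node/5/edit",
]


def compile_patterns(patterns):
    """Build one anchored regex from wildcard patterns ('*' = any characters)."""
    parts = []
    for pattern in patterns:
        pattern = pattern.strip().lstrip("/")  # assumption: leading slash ignored
        parts.append(".*".join(re.escape(piece) for piece in pattern.split("*")))
    return re.compile(r"^(?:" + "|".join(parts) + r")$")


def is_secured(path, patterns):
    """Return True if the path matches any pattern in the list."""
    return compile_patterns(patterns).match(path.strip().lstrip("/")) is not None


def audit(paths, patterns):
    """Map each path to whether the pattern list covers it."""
    return {path: is_secured(path, patterns) for path in paths}


def coverage_gap(paths, before, after):
    """Paths covered by the 'after' list but not by the 'before' list."""
    return [p for p in paths if is_secured(p, after) and not is_secured(p, before)]


if __name__ == "__main__":
    for path, covered in audit(SAMPLE_PATHS, WITH_COMMENT_6).items():
        print(f"{'HTTPS' if covered else 'plain'}  {path}")
    print("added by comment #6:", coverage_gap(SAMPLE_PATHS, COMMENT_1, WITH_COMMENT_6))
```

Under these assumptions `admin*` also covers any path that merely starts with "admin", and neither list covers the node/add* and node/*/edit paths mentioned in the question.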