Incident code 16384-46681 reported 8/5/2008
8/29/08 Ex Libris suggests using SSL only for account login and taking the user out of SSL for any non-login catalog functions. Will test with ITS staff the week of 9/2/2008.
8/22/08 Tommy and I spoke, and we cannot think of a solution that makes more sense than the two remaining options:
1. Configure server to jump to 443 only on pages where PII is passed. Apache???s mod_rewrite module may be a solution. This way the browser would contact Google Books over port 80, preventing the warning.
2. Have the poni application query Google Books and return the result to the user???s browser. This may require custom programming. It would eliminate the error since the browser would not have to contact Google Books. Aren
Apache???s mod_rewrite module may allow user session to jump to 443 for login and return to port 80 (non-ssl) after it???s completed. That???s one of the three options that I came up with in last week???s brainstorming session with Jorge and Rebecca. Aren
8/26/2008 Here is an update on the browser security issue with Google Books. After a brain storming session with Aren this afternoon, Chris and I will do further research this week in following areas:
1. Identify all forms and information pages in online catalog that need to be secure;
2. Derive patterns for all those identified;
3. Research on Apache mod_rewrite;
4. Find examples of implementation from others;
5. Research syntax of .htaccess;
Depending on how far we get, we will schedule another meeting with Aren.