WeBWorK Main Forum

Testing secure (http/SSL) webwork server. Issues.

Re: Testing secure (http/SSL) webwork server. Issues.

by Danny Glin -
Number of replies: 0
These two things are independent. Setting up the server with https means that traffic between the user's computer and the WeBWorK server is encrypted. ldap vs. ldaps affects the connection between the WeBWorK server and the LDAP server.

Since your students are using passwords that they use for other services, it's important to use https with the WeBWorK server. If you use http, then student passwords are being sent in plain text over the internet.

Regarding ldap vs. ldaps, the first comment is that encrypted traffic is always better than unencrypted, so if at all possible you should be using ldaps. As for the risks of using ldap, it partly depends on your network configuration. If the WeBWorK server and LDAP server are both on the same secure network, then there is little chance of someone intercepting network traffic containing passwords. If there are any public networks between the two servers, then you really need to be using ldaps.