[Qgis-developer] Unencrypted login to QGIS hub.qgis.org !
Martin Spott
Martin.Spott at mgras.net
Sun Feb 24 03:31:29 PST 2013
Hi,
I planned to report a bug concerning building QGIS trunk on my (my
wife's) PeeCee at home and while loggin into "hub.qgis.org/login" I
noticed that this site:
a) Apparently authenticates against OSGeo LDAP, but
b) is not capable of properly retrieving the real name and EMail
address from OSGeo LDAP,
c) does *not* enforce HTTP SSL encryption at login and, moreover
d) does not even *permit* HTTP SSL encryption at login.
While b) just lets you *look* bad, c) is very bad style and d) is very
bad overall, because you're compromising OSGeo passwords. Please
*always* add proper encryption whenever authentication is affected.
Thanks,
Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
More information about the Qgis-developer
mailing list