[SAC] Unsafe Trac login; Was: #831: Create alias for nabble admin

Martin Spott Martin.Spott at mgras.net
Wed Nov 16 04:12:38 EST 2011


Hi folks,
while I was checking this ticket, I noticed, that clicking the "Login"
hyperlink in this:

> Ticket URL: <http://trac.osgeo.org/osgeo/ticket/831>

....  page led be to a login session - where you're being requested to
enter your OSGeo password - over unencrypted !! HTTP. I'd say this is a
bug  :-)
If nobody objects, I'll add a general rule to always redirect the
"trac.osgeo.org/osgeo/login" URL to using HTTP*S*.

Cheers,
	Martin.
-- 
 Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------


More information about the Sac mailing list