[SAC] Unsafe Trac login; Was: #831: Create alias for nabble admin
Alex Mandel
tech_dev at wildintellect.com
Wed Nov 16 04:15:28 EST 2011
On 11/16/2011 01:12 AM, Martin Spott wrote:
> Hi folks,
> while I was checking this ticket, I noticed, that clicking the "Login"
> hyperlink in this:
>
>> Ticket URL: <http://trac.osgeo.org/osgeo/ticket/831>
>
> .... page led be to a login session - where you're being requested to
> enter your OSGeo password - over unencrypted !! HTTP. I'd say this is a
> bug :-)
> If nobody objects, I'll add a general rule to always redirect the
> "trac.osgeo.org/osgeo/login" URL to using HTTP*S*.
>
> Cheers,
> Martin.
Martin,
That's been on the todo list for a long time. I agree with you all
logins should be https. There were some objections previously having to
do with low bandwidth internet but I think this change will cause
minimal issues.
Anyone else have an opinion?
Thanks,
Alex
More information about the Sac
mailing list