[SAC] Unencrypted login to QGIS hub.qgis.org !

Martin Spott Martin.Spott at mgras.net
Sun Feb 24 03:31:29 PST 2013


Hi,
I planned to report a bug concerning building QGIS trunk on my (my
wife's) PeeCee at home and while logging into "hub.qgis.org/login" I
noticed that this site:

a) Apparently authenticates against OSGeo LDAP, but
b) is not capable of properly retrieving the real name and EMail
   address from OSGeo LDAP,
c) does *not* enforce HTTP SSL encryption at login and, moreover,
d) does not even *permit* HTTP SSL encryption at login.

While b) just lets you *look* bad, c) is very bad style and d) is very
bad overall, because you're compromising OSGeo passwords.  Please
*always* add proper encryption whenever authentication is affected.

Thanks,
	Martin.
-- 
 Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

