[SAC] [OSGeo] #1772: Password reset link is not https

OSGeo trac_osgeo at osgeo.org
Wed Aug 3 15:04:15 PDT 2016


#1772: Password reset link is not https
---------------------------+---------------------
 Reporter:  wildintellect  |       Owner:  sac@…
     Type:  task           |      Status:  closed
 Priority:  major          |   Milestone:
Component:  Systems Admin  |  Resolution:  fixed
 Keywords:                 |
---------------------------+---------------------
Changes (by strk):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 The password reset link in the mail is currently http or https depending
 on the scheme used to request the reset link. Basically the script sends a
 link to self (SCRIPT_URI).

 I've now forced the reset link to be https no matter access schema
 See commit e2bfe459f38fafb594194e5546f57a7963ea1849 in the cgi-bin dir.

 It would be a good idea, in general, to redirect http to https for the
 userid related scripts at the Apache level.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1772#comment:1>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.


More information about the Sac mailing list