Opened 13 months ago

Last modified 4 months ago

#9406 new defect

Trac allows unencrypted (http) logins

Reported by: Michael Witten Owned by:
Priority: normal Component: trac
Version: unspecified Keywords: http https security password login
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

This page (http vs https) should not be functional:

http://trac.ffmpeg.org/login

I was at that link when my browser warned me that entering my password would not be secure; that page should probably be disabled under an unencrypted (http) connection, or perhaps redirect to an encrypted connection (https).

Change History (2)

comment:1 by Balling, 13 months ago

Yeah. Also static resources should be upgraded.

Last edited 13 months ago by Balling (previous) (diff)

comment:2 by Balling, 4 months ago

Looks like new cert no longer allows for https://fate-suite.ffmpeg.org/ to be protected. Unfortunate.

Note: See TracTickets for help on using tickets.