Opened 5 months ago

Last modified 5 months ago

#9406 new defect

Trac allows unencrypted (http) logins

Reported by: Michael Witten Owned by:
Priority: normal Component: trac
Version: unspecified Keywords: http https security password login
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

This page (http vs https) should not be functional:

http://trac.ffmpeg.org/login

I was at that link when my browser warned me that entering my password would not be secure; that page should probably be disabled under an unencrypted (http) connection, or perhaps redirect to an encrypted connection (https).

Change History (1)

comment:1 by Balling, 5 months ago

Yeah. Also static resources should be upgraded.

Last edited 5 months ago by Balling (previous) (diff)
Note: See TracTickets for help on using tickets.