Opened 3 years ago

Last modified 16 months ago

#9406 new defect

Trac allows unencrypted (http) logins

Reported by: Michael Witten
Owned by:
Priority: normal
Component: trac
Version: unspecified
Keywords: http https security password login
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no


This page (http vs https) should not be functional:

I was at that link when my browser warned me that entering my password would not be secure; that page should probably be disabled under an unencrypted (http) connection, or perhaps redirect to an encrypted connection (https).

Change History (3)

comment:1 by Balling, 3 years ago

Yeah. Also static resources should be upgraded.

Last edited 3 years ago by Balling

comment:2 by Balling, 2 years ago

Looks like new cert no longer allows for to be protected. Unfortunate.

comment:3 by Balling, 16 months ago

That is still a problem, though Chrome now more or less blocks http logins.
