Opened 3 years ago
Last modified 2 years ago
#9406 new defect
Trac allows unencrypted (http) logins
| Reported by: | Michael Witten | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | trac |
| Version: | unspecified | Keywords: | http https security password login |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | no | |
| Analyzed by developer: | no |
Description
This page (http vs https) should not be functional:
I was at that link when my browser warned me that entering my password would not be secure; that page should probably be disabled under an unencrypted (http) connection, or perhaps redirect to an encrypted connection (https).
Change History (3)
comment:2 by , 3 years ago
Looks like new cert no longer allows for https://fate-suite.ffmpeg.org/ to be protected. Unfortunate.
comment:3 by , 2 years ago
That is still a problem, though Chrome now more or less blocks http logins.
Note:
See TracTickets
for help on using tickets.
Yeah. Also static resources should be upgraded.