Opened 9 years ago
Closed 7 years ago
#595 closed enhancement (fixed)
WWW Trac Plaintext Passwords
| Reported by: | anonymous123 | Owned by: | killyourtv |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | trac | Version: | |
| Keywords: | | Cc: | |
| Parent Tickets: | | Sensitive: | no |
Description
I noticed that on http://trac.i2p2.de, there are links to login which are plaintext. It might be a good idea to SSL the login portion of that page.
From the frontpage: "…The "Register" and "Login" links are at the bottom…" where these are HTTP over the internet.
Subtickets
Change History (8)
comment:1 Changed 9 years ago by
Milestone: | 0.8.13 |
---|---|
Owner: | set to welterde |
Status: | new → assigned |
comment:2 Changed 7 years ago by
Resolution: | → worksforme |
---|---|
Status: | assigned → closed |
comment:3 Changed 7 years ago by
Resolution: | worksforme |
---|---|
Status: | closed → reopened |
comment:4 Changed 7 years ago by
Resolution: | → fixed |
---|---|
Status: | reopened → closed |
comment:5 Changed 7 years ago by
Resolution: | fixed |
---|---|
Status: | closed → reopened |
comment:6 Changed 7 years ago by
Owner: | changed from welterde to killyourtv |
---|---|
Status: | reopened → accepted |
Version: | 0.8.12 |
I'll take a stab at this once the certificate for trac.i2p2.de is in place on the new server. Maybe this can be done with server-side rewriting when traffic comes from the "clearnet" side.
At the same time HSTS can be enabled.
comment:7 Changed 7 years ago by
Component: | www/i2p → trac |
---|---|
SSL certs re-installed. HSTS and redirecting HTTP to HTTPS will be next.
Also see #794.
comment:8 Changed 7 years ago by
Resolution: | → fixed |
---|---|
Status: | accepted → closed |
Final Status
- http://trac.i2p2.de redirects to https://trac.i2p2.de
- http://trac.i2p2.i2p doesn't redirect anywhere (since that'd be silly (and wrong))
- https://trac.i2p2.de sets the HSTS header which was recommended in ticket #794.
Closing ticket as resolved.
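The policy in the final status above, sketched as a WSGI middleware (Trac is a Python/WSGI application). This is an added example, not part of the ticket and not the configuration actually deployed on the server. The host names come from the ticket; the HSTS `max-age` value, the class and helper names, and the assumption that `wsgi.url_scheme` reflects the client's real scheme are illustrative.

```python
from urllib.parse import quote

CLEARNET_HOSTS = {"trac.i2p2.de"}   # host from the ticket, reachable over the internet
HSTS_VALUE = "max-age=31536000"     # assumed value; the ticket does not state one

class TransportPolicy:
    """HTTPS redirect and HSTS for allowlisted clearnet hosts only."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        host = environ.get("HTTP_HOST", "").split(":")[0].lower()
        if host not in CLEARNET_HOSTS:
            # e.g. trac.i2p2.i2p: no redirect and no HSTS. Unknown Host values
            # also land here, so the Location header is never built from one.
            return self.app(environ, start_response)
        if environ.get("wsgi.url_scheme", "http") != "https":
            path = quote(environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", "/"))
            target = "https://" + host + path
            if environ.get("QUERY_STRING"):
                target += "?" + environ["QUERY_STRING"]
            start_response("301 Moved Permanently",
                           [("Location", target), ("Content-Length", "0")])
            return [b""]

        def with_hsts(status, headers, exc_info=None):
            # HSTS is only sent on HTTPS responses; browsers ignore it over HTTP.
            headers = [h for h in headers
                       if h[0].lower() != "strict-transport-security"]
            headers.append(("Strict-Transport-Security", HSTS_VALUE))
            return start_response(status, headers, exc_info)

        return self.app(environ, with_hsts)

def demo_app(environ, start_response):
    """Constructed stand-in for the Trac application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"login form"]

def probe(app, host, scheme, path="/login"):
    """Send one constructed request through app; return (status, headers)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"REQUEST_METHOD": "GET", "HTTP_HOST": host, "PATH_INFO": path,
               "QUERY_STRING": "", "wsgi.url_scheme": scheme}
    list(app(environ, start_response))
    return seen["status"], seen["headers"]
```

Behind a TLS-terminating proxy the scheme would have to be taken from whatever the proxy is configured to pass on, otherwise every request looks like plain HTTP and the redirect loops.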
Note: See TracTickets for help on using tickets.
might be hard, I presume it's the same server for .de and .i2p and https links would fail over i2p. But I'm not the trac guy, assigning to welterde.