Opened 8 years ago

Closed 6 years ago

#595 closed enhancement (fixed)

WWW Trac Plaintext Passwords

Reported by: anonymous123 Owned by: killyourtv
Priority: major Milestone:
Component: trac Version:
Keywords: Cc:
Parent Tickets: Sensitive: no

Description

I noticed that on http://trac.i2p2.de, there are links to login which are plaintext. It might be a good idea to SSL the login portion of that page.

From the frontpage: "…The "Register" and "Login" links are at the bottom…" where these are HTTP over the internet.

Subtickets

Change History (8)

comment:1 Changed 8 years ago by zzz

Milestone: 0.8.13
Owner: set to welterde
Status: newassigned

might be hard, I presume it's the same server for .de and .i2p and https links would fail over i2p. But I'm not the trac guy, assigning to welterde.

comment:2 Changed 6 years ago by DISABLED

Resolution: worksforme
Status: assignedclosed

comment:3 Changed 6 years ago by str4d

Resolution: worksforme
Status: closedreopened

comment:4 Changed 6 years ago by DISABLED

Resolution: fixed
Status: reopenedclosed

comment:5 Changed 6 years ago by str4d

Resolution: fixed
Status: closedreopened

comment:6 Changed 6 years ago by killyourtv

Owner: changed from welterde to killyourtv
Status: reopenedaccepted
Version: 0.8.12

I'll take a stab at this once the certificate for trac.i2p2.de is in place on the new server. Maybe this can be done with server-side rewriting when traffic comes from the "clearnet" side.

At the same time HSTS can be enabled.

comment:7 Changed 6 years ago by killyourtv

Component: www/i2ptrac

SSL certs re-installed. HSTS and redirecting HTTP to HTTPS will be next.

Also see #794.

comment:8 Changed 6 years ago by killyourtv

Resolution: fixed
Status: acceptedclosed

Final Status

Closing ticket as resolved.

Note: See TracTickets for help on using tickets.