Opened 7 years ago
Closed 6 years ago
#595 closed enhancement (fixed)
WWW Trac Plaintext Passwords
| Reported by: | anonymous123 | Owned by: | killyourtv |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | trac | Version: | |
| Keywords: | Cc: | ||
| Parent Tickets: |
Description
I noticed that on http://trac.i2p2.de, there are links to login which are plaintext. It might be a good idea to SSL the login portion of that page.
From the frontpage: "...The "Register" and "Login" links are at the bottom..." where these are HTTP over the internet.
Subtickets
Change History (8)
comment:1 Changed 7 years ago by zzz
- Milestone 0.8.13 deleted
- Owner set to welterde
- Status changed from new to assigned
comment:2 Changed 6 years ago by guest
- Resolution set to worksforme
- Status changed from assigned to closed
comment:3 Changed 6 years ago by str4d
- Resolution worksforme deleted
- Status changed from closed to reopened
comment:4 Changed 6 years ago by guest
- Resolution set to fixed
- Status changed from reopened to closed
comment:5 Changed 6 years ago by str4d
- Resolution fixed deleted
- Status changed from closed to reopened
comment:6 Changed 6 years ago by killyourtv
- Owner changed from welterde to killyourtv
- Status changed from reopened to accepted
- Version 0.8.12 deleted
I'll take a stab at this once the certificate for trac.i2p2.de is in place on the new server. Maybe this can be done with server-side rewriting when traffic comes from the "clearnet" side.
At the same time HSTS can be enabled.
comment:7 Changed 6 years ago by killyourtv
- Component changed from www/i2p to trac
SSL certs re-installed. HSTS and redirecting HTTP to HTTPS will be next.
Also see #794.
comment:8 Changed 6 years ago by killyourtv
- Resolution set to fixed
- Status changed from accepted to closed
Final Status
- http://trac.i2p2.de redirects to https://trac.i2p2.de
- http://trac.i2p2.i2p doesn't redirect anywhere (since that'd be silly (and wrong))
- https://trac.i2p2.de sets the HSTS header which was recommended in ticket #794.
Closing ticket as resolved.
Note: See
TracTickets for help on using
tickets.
might be hard, I presume it's the same server for .de and .i2p and https links would fail over i2p. But I'm not the trac guy, assigning to welterde.