Opened 8 years ago
Closed 6 years ago
#595 closed enhancement (fixed)
WWW Trac Plaintext Passwords
| Reported by: | anonymous123 | Owned by: | killyourtv |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | trac | Version: | |
| Keywords: | Cc: | ||
| Parent Tickets: | Sensitive: | no |
Description
I noticed that on http://trac.i2p2.de, there are links to login which are plaintext. It might be a good idea to SSL the login portion of that page.
From the frontpage: "…The "Register" and "Login" links are at the bottom…" where these are HTTP over the internet.
Subtickets
Change History (8)
comment:1 Changed 8 years ago by
| Milestone: | 0.8.13 |
|---|---|
| Owner: | set to welterde |
| Status: | new → assigned |
comment:2 Changed 6 years ago by
| Resolution: | → worksforme |
|---|---|
| Status: | assigned → closed |
comment:3 Changed 6 years ago by
| Resolution: | worksforme |
|---|---|
| Status: | closed → reopened |
comment:4 Changed 6 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
comment:5 Changed 6 years ago by
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
comment:6 Changed 6 years ago by
| Owner: | changed from welterde to killyourtv |
|---|---|
| Status: | reopened → accepted |
| Version: | 0.8.12 |
I'll take a stab at this once the certificate for trac.i2p2.de is in place on the new server. Maybe this can be done with server-side rewriting when traffic comes from the "clearnet" side.
At the same time HSTS can be enabled.
comment:7 Changed 6 years ago by
| Component: | www/i2p → trac |
|---|
SSL certs re-installed. HSTS and redirecting HTTP to HTTPS will be next.
Also see #794.
comment:8 Changed 6 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | accepted → closed |
Final Status
- http://trac.i2p2.de redirects to https://trac.i2p2.de
- http://trac.i2p2.i2p doesn't redirect anywhere (since that'd be silly (and wrong))
- https://trac.i2p2.de sets the HSTS header which was recommended in ticket #794.
Closing ticket as resolved.
Note: See
TracTickets for help on using
tickets.
might be hard, I presume it's the same server for .de and .i2p and https links would fail over i2p. But I'm not the trac guy, assigning to welterde.