[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] Stay in https after login?

From: Bob Proulx
Subject: Re: [Savannah-hackers-public] Stay in https after login?
Date: Thu, 2 Jan 2014 16:57:49 -0700
User-agent: Mutt/1.5.21 (2010-09-15)

Hi Sylvain!

Sylvain wrote:
> To me this is a bug.

Which part of it?  There were several things mentioned.

> I also noted in a recent work environment that https was way more
> restricted (proxy *whitelist* only) than plain http, so in some
> cases, people may want to stay in plain http.

Entirely avoiding https is definitely a problematic case.  It can't
have be a problem for Savannah since https is currently required to
log into the site.  Since there haven't been changes for a long time
(years?) I assume this has been this way for years.  Is there anyone
that is blocked from using Savannah currently due to this?

I don't think that being able to entirely avoid https is a case that
should be supported.  It is too insecure on the hostile net these days.

> There may be a conflict between the choice of the checkbox and a)
> HTTPSEverywhere plugin and/or b) a previous Savane cookie requesting
> to switch to https.

I am not sure what you are trying to say here.  The HTTPSEverywhere
plugin isn't needed for accessing Savannah since Savannah already
switches users to https without the plugin.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]