[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-hackers-public] Stay in https after login?
|
From: |
Bob Proulx |
|
Subject: |
Re: [Savannah-hackers-public] Stay in https after login? |
|
Date: |
Thu, 2 Jan 2014 16:57:49 -0700 |
|
User-agent: |
Mutt/1.5.21 (2010-09-15) |
Hi Sylvain!
Sylvain wrote:
> To me this is a bug.
Which part of it? There were several things mentioned.
> I also noted in a recent work environment that https was way more
> restricted (proxy *whitelist* only) than plain http, so in some
> cases, people may want to stay in plain http.
Entirely avoiding https is definitely a problematic case. It can't
have be a problem for Savannah since https is currently required to
log into the site. Since there haven't been changes for a long time
(years?) I assume this has been this way for years. Is there anyone
that is blocked from using Savannah currently due to this?
I don't think that being able to entirely avoid https is a case that
should be supported. It is too insecure on the hostile net these days.
> There may be a conflict between the choice of the checkbox and a)
> HTTPSEverywhere plugin and/or b) a previous Savane cookie requesting
> to switch to https.
I am not sure what you are trying to say here. The HTTPSEverywhere
plugin isn't needed for accessing Savannah since Savannah already
switches users to https without the plugin.
Bob
Re: [Savannah-hackers-public] Stay in https after login?, Karl Berry, 2014/01/02