Marketing-trac: #157: https doesn't work correctly on fedoramagazine.org

marketing-team marketing-team-trac at fedorahosted.org
Mon Aug 4 14:50:29 UTC 2014


#157: https doesn't work correctly on fedoramagazine.org
------------------------------+-----------------------------
  Reporter:  sparks           |      Owner:  chrisroberts
      Type:  task             |     Status:  reopened
  Priority:  major            |  Milestone:  Future releases
 Component:  Fedora Magazine  |   Severity:  urgent
Resolution:                   |   Keywords:
Blocked By:                   |   Blocking:
------------------------------+-----------------------------
Changes (by sparks):

 * status:  closed => reopened
 * resolution:  wontfix =>


Comment:

 Actually, HTTPS is needed to keep the authentication tickets a secret.
 It's fine that FAS authentication is encrypted, but when the ticket is
 passed around for authentication purposes in WP in the clear, it leaves
 your authentication open for attack (and could leave other services
 vulnerable that use FAS for auth).  This is a known attack vector and I
 believe we've seen some attacks in the wild with this.

-- 
Ticket URL: <https://fedorahosted.org/marketing-team/ticket/157#comment:2>
marketing-team <https://fedoraproject.org/wiki/Marketing>
Marketing team for the Fedora project.

