#38: https for the login form
------------------------+---------------------------
Reporter: pingou | Owner: abompard
Type: enhancement | Status: accepted
Priority: major | Milestone: Beta version
Version: | Resolution:
Keywords: |
------------------------+---------------------------
Changes (by abompard):
* owner: => abompard
* status: new => accepted
Comment:
I stumbled upon this link from the EFF: [
https://www.eff.org/https-
everywhere/deploying-https How to deploy HTTPS correctly]. It contains the
following paragraph:
You must serve the entire application domain over HTTPS.
[...]
Some site operators provide only the login page over HTTPS, on the
theory that only the user’s password is sensitive. These sites’ users are
vulnerable to passive and active attack.
What do you think ?
--
Ticket URL: <
https://fedorahosted.org/hyperkitty/ticket/38#comment:2>
HyperKitty <
http://mm3test.fedoraproject.org>
The HyperKitty Django app provides a web interface to access GNU Mailman archives.