#157: https doesn't work correctly on fedoramagazine.org
------------------------------+-----------------------------
Reporter: sparks              | Owner: chrisroberts
Type: task                    | Status: reopened
Priority: major               | Milestone: Future releases
Component: Fedora Magazine    | Severity: urgent
Resolution:                   | Keywords:
Blocked By:                   | Blocking:
------------------------------+-----------------------------
Changes (by sparks):
* status: closed => reopened
* resolution: wontfix =>
Comment:
Actually, HTTPS is needed to keep the authentication tickets a secret.
It's fine that FAS authentication is encrypted but when the ticket is
passed around for authentication purposes in WP in the clear it leaves
your authentication open for attack (and could leave other services
vulnerable that use FAS for auth). This is a known attack vector and I
believe we've seen some attacks in the wild with this.
--
Ticket URL: <https://fedorahosted.org/marketing-team/ticket/157#comment:2>
marketing-team <https://fedoraproject.org/wiki/Marketing>
Marketing team for the Fedora project.