[Bug 570864] New: Review Request: drupal-securepages_prevent_hijack - Secure Pages add-on that prevents hijacked sessions from accessing SSL pages
bugzilla at redhat.com
bugzilla at redhat.com
Fri Mar 5 17:39:14 UTC 2010
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: Review Request: drupal-securepages_prevent_hijack - Secure Pages add-on that prevents hijacked sessions from accessing SSL pages
https://bugzilla.redhat.com/show_bug.cgi?id=570864
Summary: Review Request: drupal-securepages_prevent_hijack -
Secure Pages add-on that prevents hijacked sessions
from accessing SSL pages
Product: Fedora
Version: rawhide
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: Package Review
AssignedTo: nobody at fedoraproject.org
ReportedBy: orion at cora.nwra.com
QAContact: extras-qa at fedoraproject.org
CC: notting at redhat.com, fedora-package-review at redhat.com
Depends on: 570862
Estimated Hours: 0.0
Classification: Fedora
Spec URL:
http://www.cora.nwra.com/~orion/fedora/drupal-securepages_prevent_hijack.spec
SRPM URL:
http://www.cora.nwra.com/~orion/fedora/drupal-securepages_prevent_hijack-6.x.1.5-1.fc12.src.rpm
Description:
This is an add-on to the Secure Pages module that will prevent hijacked
sessions from accessing SSL pages, yet still allow users to stay logged in
when browsing non-SSL pages.
The login form is also secured, both on the user page and the login block.
This module is recommended for most securepages users. (One possible
exception is if you have set session.cookie_secure, and you have "Switch back
to http" disabled in the securepages settings.)
Please do consider carefully the inherent limitations of mixed HTTP / HTTPS
sessions. For an analysis of various approaches to using SSL, see this[1]
article on crackingdrupal.com.
[1] -
http://crackingdrupal.com/blog/greggles/drupal-and-ssl-multiple-recipes-possible-solutions
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the package-review
mailing list