[Bug 570864] New: Review Request: drupal-securepages_prevent_hijack - Secure Pages add-on that prevents hijacked sessions from accessing SSL pages

bugzilla at redhat.com
Fri Mar 5 17:39:14 UTC 2010


https://bugzilla.redhat.com/show_bug.cgi?id=570864

           Summary: Review Request: drupal-securepages_prevent_hijack -
                    Secure Pages add-on that prevents hijacked sessions
                    from accessing SSL pages
           Product: Fedora
           Version: rawhide
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: Package Review
        AssignedTo: nobody at fedoraproject.org
        ReportedBy: orion at cora.nwra.com
         QAContact: extras-qa at fedoraproject.org
                CC: notting at redhat.com, fedora-package-review at redhat.com
        Depends on: 570862
   Estimated Hours: 0.0
    Classification: Fedora


Spec URL:
http://www.cora.nwra.com/~orion/fedora/drupal-securepages_prevent_hijack.spec
SRPM URL:
http://www.cora.nwra.com/~orion/fedora/drupal-securepages_prevent_hijack-6.x.1.5-1.fc12.src.rpm

Description:
This is an add-on to the Secure Pages module that will prevent hijacked
sessions from accessing SSL pages, yet still allow users to stay logged in
when browsing non-SSL pages.

The login form is also secured, both on the user page and the login block.

This module is recommended for most securepages users. (One possible
exception is if you have set session.cookie_secure, and you have "Switch back
to http" disabled in the securepages settings.)

Please do consider carefully the inherent limitations of mixed HTTP / HTTPS
sessions. For an analysis of various approaches to using SSL, see this[1]
article on crackingdrupal.com.

[1] -
http://crackingdrupal.com/blog/greggles/drupal-and-ssl-multiple-recipes-possible-solutions
