No HTTPS redirect on patchwork.ozlabs.org

Mitar mmitar at gmail.com
Sun Aug 9 07:45:44 AEST 2015


Hi!

I suspect that after login, the logged-in session is based on cookies? So
if after login a cookie is sent through HTTP, the cookie can be
intercepted.


Mitar

On Sat, Aug 8, 2015 at 2:42 PM, Geert Stappers <stappers at stappers.nl> wrote:
> On Sat, Aug 08, 2015 at 02:14:59PM +0200, Mitar wrote:
>> Hi!
>>
>> HTTPS works:
>>
>> https://patchwork.ozlabs.org/
>>
>> But if I open http://patchwork.ozlabs.org/, it still allows me to
>> log in and send a password in plain text. I think HTTP should force
>> a redirect to HTTPS.
>>
>
> I think the HTTP _login screen_ should redirect to HTTPS.
> So only force HTTPS when login (and being logged in) is involved.
>
>
> Regards
> Geert Stappers
> --
> Live and let live
> _______________________________________________
> Patchwork mailing list
> Patchwork at lists.ozlabs.org
> https://lists.ozlabs.org/listinfo/patchwork



-- 
http://mitar.tnode.com/
https://twitter.com/mitar_m
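
The two points raised in this thread, as an added example that is not part of either message and is not Patchwork's code: the first function checks whether a response to a plain-HTTP request redirects to HTTPS, the second lists the cookies a browser would still attach to a later HTTP request because they lack the `Secure` attribute. The host `patchwork.example`, the login path and the cookie name and value are constructed samples, and host/path matching of cookies is assumed to succeed.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def audit_plain_http(url, status, headers):
    """Findings for one response to a request made over plain HTTP.
    headers is a list of (name, value) pairs as captured from the response."""
    findings = []
    if urlsplit(url).scheme != "http":
        return findings
    location = next((v for k, v in headers if k.lower() == "location"), "")
    if status not in REDIRECTS or urlsplit(location).scheme != "https":
        findings.append("no-https-redirect")
    if any(k.lower() == "set-cookie" for k, _ in headers):
        findings.append("cookie-set-over-http")
    return findings

def cookies_sent_in_clear(set_cookie_values, next_url):
    """Names of cookies a browser would attach to next_url unencrypted.
    Assumes the cookie's domain and path match next_url."""
    if urlsplit(next_url).scheme != "http":
        return []
    exposed = []
    for value in set_cookie_values:
        jar = SimpleCookie()
        jar.load(value)
        # A cookie without the Secure attribute is sent over HTTP as well.
        exposed += [m.key for m in jar.values() if not m["secure"]]
    return exposed

# Constructed samples: login served over HTTP, then the same URL redirecting.
LOGIN = "http://patchwork.example/user/login/"
SERVED_OVER_HTTP = (LOGIN, 200, [("Content-Type", "text/html"),
                                 ("Set-Cookie", "sessionid=constructed123; Path=/; HttpOnly")])
REDIRECTED = (LOGIN, 301, [("Location", "https://patchwork.example/user/login/")])

# Constructed session cookies issued by an HTTPS login page, without and with Secure.
WEAK_COOKIE = "sessionid=constructed123; Path=/; HttpOnly"
SECURE_COOKIE = "sessionid=constructed123; Path=/; HttpOnly; Secure"

if __name__ == "__main__":
    print(audit_plain_http(*SERVED_OVER_HTTP))
    print(audit_plain_http(*REDIRECTED))
    print(cookies_sent_in_clear([WEAK_COOKIE], "http://patchwork.example/"))
    print(cookies_sent_in_clear([SECURE_COOKIE], "http://patchwork.example/"))
```

With only the login screen forced to HTTPS, the `WEAK_COOKIE` case is what remains: the session cookie still travels with every later HTTP page load on the same host.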

