View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000652||Main CAcert Website||website content||public||2008-11-16 16:37||2008-11-16 16:37|
|Summary||0000652: login page over http doesn't post to https|
|Description||If one is stupid enough to change https to http in the login page <http://www.cacert.org/index.php?id=4>, the <form /> still uses just "index.php" to post, so the info goes plain.|
Fortunelly one gets redirected to <https://www.cacert.org/account.php>, but the auth was plain, and adsense code (No problem for me, I do trust Google) got injected on the same page the user uses to type his data.
|Tags||No tags attached.|