View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000652 | Main CAcert Website | website content | public | 2008-11-16 16:37 | 2008-11-16 16:37 |
| Reporter | mnemoc | Assigned To | |||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | new | Resolution | open | ||
| Summary | 0000652: login page over http doesn't post to https | ||||
| Description | If one is stupid enough to change https to http in the login page <http://www.cacert.org/index.php?id=4>, the <form /> still uses just "index.php" to post, so the info goes plain. Fortunelly one gets redirected to <https://www.cacert.org/account.php>, but the auth was plain, and adsense code (No problem for me, I do trust Google) got injected on the same page the user uses to type his data. | ||||
| Tags | No tags attached. | ||||
| Reviewed by | |||||
| Test Instructions | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2008-11-16 16:37 | mnemoc | New Issue |
