View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000652 | Main CAcert Website | website content | public | 2008-11-16 16:37 | 2008-11-16 16:37 |
Reporter | mnemoc | Assigned To | |||
Priority | normal | Severity | major | Reproducibility | always |
Status | new | Resolution | open | ||
Summary | 0000652: login page over http doesn't post to https | ||||
Description | If one is stupid enough to change https to http in the login page <http://www.cacert.org/index.php?id=4>, the <form /> still uses just "index.php" to post, so the info goes plain. Fortunelly one gets redirected to <https://www.cacert.org/account.php>, but the auth was plain, and adsense code (No problem for me, I do trust Google) got injected on the same page the user uses to type his data. | ||||
Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | |||||
Date Modified | Username | Field | Change |
---|---|---|---|
2008-11-16 16:37 | mnemoc | New Issue |