Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#92786 SF.net site inquiry

First Level Support
closed
Erich Zigler
5
2005-11-11
2005-10-04
No

Hi,
I am a new user, so maybe I missed something, but here
is my story:
When I want to post anything on bug/forum at sf.net I
need to login first.
So I click on login.
The login form comes in http (not SSLed https) page.
The page assures that the password is going to be
encrypted by SSL.
Sounds like magic, because no signs of https.
Then I looked at the login page source, still no https.
Then I loaded ethereal to inspect my packets and see
whether my password is going encrypted.
To my surprise I found a packet with my username and
password in plain text, so at least the login page is
lieing, and worst sf.net usernames/passwords could be
mined.

Could anyone comment on that?

Discussion

  • Erich Zigler
    Erich Zigler
    2005-10-05

    • assigned_to: nobody --> zigler
    • summary: login page is not secured by SSL dispite page assurance --> SF.net site inquiry
    • milestone: 104419 --> 104417
    • labels: 210000 --> SourceForge.net Website
     
  • Erich Zigler
    Erich Zigler
    2005-10-05

    Logged In: YES
    user_id=1243797

    Greetings,

    This canned response is used by the SourceForge.net team to
    convey information about how this Support Request will be
    handled. Please read the entirety of this comment before taking
    any further action; information enclosed in this comment will
    help you to ensure that you have an excellent support experience.

    The SourceForge.net team takes all reported issues seriously; we
    will work to provide you a complete, accurate, and timely
    response to your inquiry. Information about our support policies
    and procedures may be found at:
    https://sourceforge.net/docman/display_doc.php?docid=11230&group_id=1

    ABOUT THIS ISSUE: Based on the initial review of this request, we
    have determined that this issue will be considered to have
    Moderate Priority (this is signified by the summary line we use
    on this request, not by the Priority setting on this request).
    Issues within this category typically include service questions,
    usage problems, Compile Farm usage or system issues, statistics,
    and specialized requests (such as those requiring significant
    administrative overview, or which require the development of a
    custom solution). A description of this class of issues may be
    found at:
    https://sourceforge.net/docman/display_doc.php?docid=11230&group_id=1#issueclass_moderate

    TRIAGE PROCESS: The initial review of this issue has resulted in
    a member of the SourceForge.net staff determining who should
    process this issue, and a change in the Priority, Summary,
    Assignee, Group and Category settings for this request.

    WHAT TO EXPECT: Issues of this nature will typically be reviewed
    again by the assigned member of the SourceForge.net team within 5
    business days (the SourceForge.net team works at least Monday
    through Friday, 9am to 5pm Pacific, excepting holidays). Within
    our next response, we will typically request additional
    information about the problem you have reported, or provide you
    specific troubleshooting instructions. Please wait patiently for
    our next review of, and response to, this request.

    INQUIRING ABOUT THE STATUS OF THIS ISSUE: Should you have
    questions or concerns regarding the status of this issue, simply
    add a comment to this support request. All comments you post to
    this support request will be received by the SourceForge.net team
    member who has been assigned this issue. Please do not submit a
    second support request about this issue (add a comment to this
    request instead), and do not attempt to contact the assignee of
    this request via email; all additional information or comments
    about this request should be posted as a comment to this request.

    Thank you,

    SourceForge.net support

     
  • Erich Zigler
    Erich Zigler
    2005-10-05

    • status: open --> pending
     
  • Erich Zigler
    Erich Zigler
    2005-10-05

    Logged In: YES
    user_id=1243797

    Greetings,
    It is SSL if you specify it in the URL. If you hit
    http://sourceforge.net/ it will not be transmitted over SSL.
    When you click on the link "Login via SSL" it will be over
    SSL. What login page are you visiting?

    Thank you,

    Erich Zigler
    First Level Technical Support, SourceForge.net

     
  • Logged In: YES
    user_id=1354628

    Well, I am using e.g. this login page:
    http://sourceforge.net/account/login.php?return_to=%2Fforum%2Fforum.php%3Fforum_id%3D323167
    If I manually change url to https then I stay within SSL and
    no issue to bother.
    But I don't usually come and browse in SSL (which I believe
    gives unnecessary overhead for server most of the time).

    Hence I come with http and this pages says:

    You will be connected with an SSL server when you submit
    this form and your password will not be visible to other users.

    Which is completely false, naive users might believe it and
    fall into false confidence.

     
    • status: pending --> open
     
  • Erich Zigler
    Erich Zigler
    2005-10-06

    • milestone: 104417 --> 104418
     
  • Erich Zigler
    Erich Zigler
    2005-10-06

    • assigned_to: zigler --> burley
     
  • David Burley
    David Burley
    2005-10-07

    • assigned_to: burley --> enhancement
     
  • David Burley
    David Burley
    2005-10-07

    Logged In: YES
    user_id=597273

    It used to submit via SSL. Am sending this to an engineer to
    resolve, as from my look at the page, it does appear to
    submit via HTTP not HTTPS, as you suggest.

     
  • Erich Zigler
    Erich Zigler
    2005-10-27

    Logged In: YES
    user_id=1243797

    Greetings,

    To the best of my knowledge, this matter has now been resolved.
    Should you require further assistance from the SourceForge.net
    team, please add a comment to this Support Request and we'll
    reopen it for you.

    SourceForge.net Support

     
  • Erich Zigler
    Erich Zigler
    2005-10-27

    • assigned_to: enhancement --> zigler
    • milestone: 104418 --> First Level Support
    • status: open --> pending
     
  • Logged In: YES
    user_id=1312539

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).

     
    • status: pending --> closed