Gallery

I request that this feature be looked at again. I don't think the original
submitter full explained the feature request. I believe this was what was
intended:

- under options (or during setup), the site admin can select "require
encrypted user authentication".
- anytime someone tried to do something that requires authentication of
any sort (such as logging in, add photos, accessing restricted albums),
gallery writes urls using https to force ssl. this should last the life of
the session.

i see two main benefits:
- password information is not leaked on the internet.
- it allows linking to gallery images without mixed-content prompts.
currently, if you ssl the entire gallery site and then try to link an image
from gallery from a non-ssl forum site, you will get a mixed-content
prompt. however, if you run gallery as a non-ssl site by default and only
require ssl upon login or access to restricted albums, then linking images
from non-restricted albums will not generate mixed-content prompts.

hopefully this explains why gallery needs to generate https urls because
only gallery knows when an operation will require an authenticated user.

Logged In: YES
user_id=942712

of course, we welcome user contributions :)

just attach your modifications / or patch (cvs diff -Nuw) to
this feature request tracker and we will review it and
eventually include it in G2.

Logged In: YES
user_id=1309269

I'm a developer myself, so I could probably make it work for
G1 quite easily since that one works with a popup. G2
shouldn't be much more complicated I think.

Just say so if you want me to give it a try :-)

Logged In: YES
user_id=942712

sounds reasonable.

but don't expect us to work on it anytime soon. until 2.0 is
shipped, we concentrate on writing documentation and gaining
stability by only fixing bugs and the like.

Logged In: YES
user_id=1309269

In my opninion it should be like this:

- there is a configuration option that says 'secure login:
yes/no'
- when the secure login option is set to yes and a user
tries to login from a http link, the user is redirected to a
https link and after login he is redirected back to a http link.

this should (if possible) be implemented both in G1 and G2

by the way, this made me think about something else, see RFE
1244029

Logged In: YES
user_id=942712

what exactly do you want then?

- something like the sourceforge.net login where you can
select whether the connection should be secure?

- that when a user clicks on login, he's redirected to
https://... ?

or what?

Logged In: YES
user_id=1309269

ok,
that from the G2 was a mistake, but I mean it in a more
general way:

make it possible for _only_ the login be to secure, so that
the gallery can exist under a normal http link while login
is still secure.

I actually came up with this because of bug 1238515 that I filed

Logged In: YES
user_id=942712

you chose group "v2", but mention a "login popup".

there are no popups in G2.
you already can use https with G2, just access it with https.