#108 Plaintext Login Request

Next Release
closed
nabber00
7
2010-09-16
2007-10-03
Anonymous
No

Credit: AJ Dexter aj.dexter@gmail.com from IHackCharities.org

This one is more of a feature request, but also a problem.

When a user logs in the credentials are sent over the network plain text. Meaning someone on the same physical network as the user would be able to intercept the administrator username and password.

A helpful fix would be an option to require an SSL connection for the login page, or a redirect to SSL.

Discussion

  • nabber00

    nabber00 - 2010-08-03
    • labels: 768792 -->
    • status: open --> open-accepted
     
  • nabber00

    nabber00 - 2010-08-03

    This is a feature request. SSL is outside of the scope of this project. SPHP Blog has no way of knowing if SSL is enabled on the server or not, so that is what this setting would be for. For now I suggest adding an automatic redirect to the server configuration if needed.

     
  • nabber00

    nabber00 - 2010-08-15
    • priority: 5 --> 7
    • status: open-accepted --> open
     
  • nabber00

    nabber00 - 2010-09-16
    • assigned_to: nobody --> nabber00
    • labels: --> New Features
    • milestone: --> Next Release
    • status: open --> closed
     
  • nabber00

    nabber00 - 2010-09-16

    Added option to warn or require SSL login in svn r92.

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks