#61 Secure Login Config Option

closed-wont-fix
nobody
5
2002-04-08
2001-11-18
Anonymous
No

While it is easy enough to modify login.php to require a secure connection when logging in, SquirrelMail should have a configuration option to require the secure connection before displaying the login screen. Otherwise, userids and passwords are transmitted in clear text.

Ideally, a non-secure connection should display an error screen indicating the nature of the problem. Only a secure connection should display the login screen.

For those that don't wish to use secure login, there should be an option to disble the check in the config script. I'd suggest that the secure login should be the default, to prevent user error from compromising the system as a result of the SquirrelMail installation.

Discussion

  • Konstantin Riabitsev

    • status: open --> closed-wont-fix
     
  • Konstantin Riabitsev

    Logged In: YES
    user_id=147248

    This is really something that should be configured on the
    apache level. Just set RequireSSL and/or redirects.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks