It is not a good idea to have an HTTP login page. Your credentials are sent
in plain text when you log in via HTTP.

I realize that the OHR wiki isn't the most high-profile target for hackers,
but it's still a bad idea. We don't need to allow wiki editing to everyone
able to use the engine if it means compromising security.


On Wed, Sep 16, 2020, 8:45 PM Ralph Versteegen <teeem...@gmail.com> wrote:

> Holly reported, and I can confirm, that you can't log into the wiki, or
> create an account, when accessing it over HTTP instead of HTTPS. (I think I
> remember seeing this already quite a while ago.) You get the following
> message:
>
> "There seems to be a problem with your login session; this action has been
> canceled as a precaution against session hijacking. Please resubmit the
> form."
>
> It is nice to be able to access the wiki via HTTP, since HTTPS is
> inaccessible from ancient OSes such as some of those we support. If the
> login page could redirect from HTTP to HTTPS...
>
> Hmm, maybe I should file such things on github instead...
> _______________________________________________
> Ohrrpgce mailing list
> ohrrpgce@lists.motherhamster.org
> http://lists.motherhamster.org/listinfo.cgi/ohrrpgce-motherhamster.org
>