** Changed in: mahara
Assignee: (unassigned) => Ruslan Kabalin (ruslan-kabalin)
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/646713
Title:
js config.wwwroot ignores httpswwwroot
Statu
** Tags added: https
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/646713
Title:
js config.wwwroot ignores httpswwwroot
Status in Mahara ePortfolio:
Confirmed
Bug description:
Original
Thanks for the clarification Iñaki !
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/646713
Title:
js config.wwwroot ignores httpswwwroot
Status in Mahara ePortfolio:
Confirmed
Bug descrip
I have just read the last developer meeting minutes, and wanted to
clarify that I'm fine with the removal :-)
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/646713
Title:
js config.wwwroot ig
During upgrade, we'll need to make sure admins are warned about this
change.
I suggest a pre-upgrade check that will abort the whole upgrade if
httpswwwroot is set in config.php. A message like this could be
displayed:
"HTTPS logins have been removed. You need to remove the httpswwwroot
variable
Then, so be it!
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/646713
Title:
js config.wwwroot ignores httpswwwroot
Status in Mahara ePortfolio:
Confirmed
Bug description:
Originally re
I agree, full SSL support is required. httpswwwroot config option should
be deprecated.
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/646713
Title:
js config.wwwroot ignores httpswwwroot
St
and here's the Google link I forgot to include:
http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/646713
Title:
js config.wwwroo
As Firesheep (http://codebutler.com/firesheep?c=1) has pointed out,
logins are not the only thing that needs to be protected. Session theft
is now a very real threat.
Also, Google has released numbers showing that the overhead of SSL is
actually fairly small. We should probably encourage people to
As Andrew points out, due to the way we deal with logins (at the same
URL with a transitent content, instead of using a round trip to a
different login URL like Moodle does), it's completely impossible to
make the Ajax based login work with it (the Javascript security model
forbids it, as it's clea
Yeah sounds like removing httpswwwroot is the solution.
** Changed in: mahara
Importance: Undecided => Medium
** Changed in: mahara
Status: New => Confirmed
** Changed in: mahara
Milestone: None => 1.4.0
** Visibility changed to: Public
** This bug is no longer flagged as a secur
11 matches
Mail list logo
