Hi!
I suspect that after login, logged in session is based on cookies? So
if after login a cookie is send through HTTP, the cookie can be
intercepted.
Mitar
On Sat, Aug 8, 2015 at 2:42 PM, Geert Stappers wrote:
> On Sat, Aug 08, 2015 at 02:14:59PM +0200, Mitar wrote:
>> Hi!
>>
>> HTTPS works:
On Sat, Aug 08, 2015 at 02:14:59PM +0200, Mitar wrote:
> Hi!
>
> HTTPS works:
>
> https://patchwork.ozlabs.org/
>
> But if I open http://patchwork.ozlabs.org/, it still allows me to
> login and send a password in plain text. I think HTTP should force
> redirect to HTTPS.
>
I think the HTTP _lo
Hi!
HTTPS works:
https://patchwork.ozlabs.org/
But if I open http://patchwork.ozlabs.org/, it still allows me to
login and send a password in plain text. I think HTTP should force
redirect to HTTPS.
Mitar
--
http://mitar.tnode.com/
https://twitter.com/mitar_m