Uploaded image for project: 'MusicBrainz Server'
  1. MusicBrainz Server
  2. MBS-2411

Login page should be encrypted (SSL/TLS)

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2013-07-22
    • Component/s: Accounts, Admin
    • Labels:

      Description

      The page where a user submits their username and password should be handled through HTTPS, to reduce the chance of username and passwords being intercepted, particularly when users are logging in at public hotspots over WiFi.

      Given that other sites like GMail and Facebook are now encrypting their entire traffic to overcome Firesheep (http://en.wikipedia.org/wiki/Firesheep) session cookie cloning attacks, it's seems very poor practice that passwords are being sent apparently in plain text.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              warp Kuno Woudt
              Reporter:
              Anonymous Anonymous
              Votes:
              9 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Due:
                Created:
                Updated:
                Resolved:

                  Packages

                  Version Package
                  2013-07-22