Uploaded image for project: 'MusicBrainz Server'
  1. MusicBrainz Server
  2. MBS-2411

Login page should be encrypted (SSL/TLS)

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2013-07-22
    • Component/s: Accounts, Admin
    • Labels:
      None

      Description

      The page where a user submits their username and password should be handled through HTTPS, to reduce the chance of username and passwords being intercepted, particularly when users are logging in at public hotspots over WiFi.

      Given that other sites like GMail and Facebook are now encrypting their entire traffic to overcome Firesheep (http://en.wikipedia.org/wiki/Firesheep) session cookie cloning attacks, it's seems very poor practice that passwords are being sent apparently in plain text.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                warp Kuno Woudt
                Reporter:
                Anonymous
              • Votes:
                9 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Due:
                  Created:
                  Updated:
                  Resolved:

                  Packages

                  Version Package
                  2013-07-22