-
Improvement
-
Resolution: Fixed
-
Normal
-
None
The page where a user submits their username and password should be handled through HTTPS, to reduce the chance of username and passwords being intercepted, particularly when users are logging in at public hotspots over WiFi.
Given that other sites like GMail and Facebook are now encrypting their entire traffic to overcome Firesheep (http://en.wikipedia.org/wiki/Firesheep) session cookie cloning attacks, it's seems very poor practice that passwords are being sent apparently in plain text.
- has related issue
-
IMG-68 4 or 5 seconds latency on HTTPS-CAA image loading (instead of none)
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
PICARD-337 Allow using encrypted connection to mb.org
-
- Closed
-
-
MBS-5339 Cover Art should be loaded over SSL where possible
-
- Closed
-
-
-
- Closed
-
- is a dependency of
-
-
- Closed
-
- is duplicated by
-
-
- Closed
-