Uploaded image for project: 'MusicBrainz Server'
  1. MusicBrainz Server
  2. MBS-2411

Login page should be encrypted (SSL/TLS)

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Normal Normal
    • 2013-07-22
    • None
    • Accounts, Admin

      The page where a user submits their username and password should be handled through HTTPS, to reduce the chance of username and passwords being intercepted, particularly when users are logging in at public hotspots over WiFi.

      Given that other sites like GMail and Facebook are now encrypting their entire traffic to overcome Firesheep (http://en.wikipedia.org/wiki/Firesheep) session cookie cloning attacks, it's seems very poor practice that passwords are being sent apparently in plain text.

            warp Kuno Woudt
            Anonymous Anonymous
            Votes:
            9 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved:

                Version Package
                2013-07-22