View Issue Details

ID: 0008888
Project: Mantis BT @ CentOS
Category: website
View Status: public
Last Update: 2018-05-07 10:38
Status: resolved
Resolution: fixed
Summary: 0008888: Enforce HTTPS for uses password authentication with authentication cookies. If using it on insecure networks for example on conferences, the account information can easily be read by nearby attackers. Therefore please:

1) Redirect all access to to https
2) Use HSTS, ideally for all of
3) Protect all cookies from unencrypted submission via the secure flag
Tags: No tags attached.
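
An added example, not part of the original report or of the site's own configuration: a Python check that audits captured response headers against the three requests above (HTTPS redirect, HSTS, Secure cookies). The host name, cookie name and sample headers are constructed, and treating a missing includeSubDomains as a finding is this example's assumption about request 2.

```python
from urllib.parse import urlsplit

def get_all(headers, name):
    """All values of header `name` (lower-case) from (name, value) pairs."""
    return [v for k, v in headers if k.lower() == name]

def parse_hsts(value):
    """Return (max_age, include_subdomains); max_age is None if absent or invalid."""
    max_age, include_sub = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age":
            max_age = int(arg) if arg.isdigit() else None
        elif name == "includesubdomains":
            include_sub = True
    return max_age, include_sub

def audit(http_status, http_headers, https_headers):
    """Check one plain-HTTP response and one HTTPS response; return findings."""
    findings = []
    # 1) The plain-HTTP request must be redirected to an https:// URL.
    loc = get_all(http_headers, "location")
    if http_status not in (301, 302, 303, 307, 308) or not loc \
            or urlsplit(loc[0]).scheme != "https":
        findings.append("no-https-redirect")
    # A cookie set on the plain-HTTP response has already crossed the network in clear.
    if get_all(http_headers, "set-cookie"):
        findings.append("cookie-set-over-http")
    # 2) HSTS is only honoured on HTTPS responses; max-age=0 switches it off.
    hsts = get_all(https_headers, "strict-transport-security")
    max_age, include_sub = parse_hsts(hsts[0]) if hsts else (None, False)
    if not max_age:
        findings.append("hsts-missing-or-disabled")
    elif not include_sub:
        findings.append("hsts-no-includesubdomains")
    # 3) Every cookie needs the Secure attribute.
    for line in get_all(https_headers, "set-cookie"):
        first, *attrs = line.split(";")
        if "secure" not in {a.strip().lower() for a in attrs}:
            findings.append("cookie-not-secure:" + first.split("=", 1)[0].strip())
    return findings

# Constructed sample captures (hypothetical host and cookie name).
COOKIE = "session_cookie=abc123; path=/; HttpOnly"
BEFORE = (200, [("Set-Cookie", COOKIE)], [("Set-Cookie", COOKIE)])
AFTER = (301, [("Location", "https://bugs.example.org/")],
         [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
          ("Set-Cookie", "session_cookie=abc123; path=/; Secure; HttpOnly")])
```

`audit(*BEFORE)` reports all three problems plus the cookie sent over plain HTTP; `audit(*AFTER)` returns an empty list.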




2018-02-20 08:22

administrator   ~0031256

Can we close this bug report?


2018-05-07 10:38

administrator   ~0031724

Bugs triage, and HSTS was enabled, as well as automatic redirection to HTTPS.

Issue History

Date Modified Username Field Change
2015-06-10 20:21 till New Issue
2018-02-20 08:22 arrfab Status new => feedback
2018-02-20 08:22 arrfab Note Added: 0031256
2018-05-07 10:38 arrfab Status feedback => resolved
2018-05-07 10:38 arrfab Resolution open => fixed
2018-05-07 10:38 arrfab Note Added: 0031724