Actions
Feature #3804
openAuthentication over HTTPS
Status:
New
Priority:
Normal
Assignee:
-
Category:
Administration
Target version:
-
Start date:
2009-09-02
Due date:
% Done:
0%
Estimated time:
Resolution:
Description
There should be global flag to indicate that login page should be served over HTTPS. As of now once can run whole application over either HTTP or HTTPS. Running everything over HTTPS is overkill and sending user credentials over HTTP is a security whole.
Related issues
Actions