[Savannah-hackers-public] "Stay in secure (https) mode after login"

savannah-hackers-public

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers-public] "Stay in secure (https) mode after login"

From:	Leo Famulari
Subject:	[Savannah-hackers-public] "Stay in secure (https) mode after login"
Date:	Tue, 14 Mar 2017 15:59:18 -0400
User-agent:	Mutt/1.8.0 (2017-02-23)

The Savannah login page includes a checkbox that reads "Stay in secure
(https) mode after login".

Just to see what would happen, I logged in with this box unchecked. I
ended up at <https://savannah.gnu.org/>. I couldn't convince Savannah
and my browsers to log me in to <http://savannah.gnu.org/>.

So I'm wondering, what does that checkbox do? Is there still a
possibility that some communication will pass over unauthenticated
channels?

While logged in, I manually entered the HTTP URL and was still able to
access the administration interface for a group that I administer over
the unauthenticated connection.

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Savannah-hackers-public] "Stay in secure (https) mode after login", Leo Famulari <=
- Re: [Savannah-hackers-public] "Stay in secure (https) mode after login", Leo Famulari, 2017/03/14
  - Re: [Savannah-hackers-public] "Stay in secure (https) mode after login", Assaf Gordon, 2017/03/15
    - Re: [Savannah-hackers-public] "Stay in secure (https) mode after login", Leo Famulari, 2017/03/15

Prev by Date: Re: [Savannah-hackers-public] vcs0 disk filling up, /var/cache/cgit again
Next by Date: Re: [Savannah-hackers-public] "Stay in secure (https) mode after login"
Previous by thread: [Savannah-hackers-public] vcs0 disk filling up, /var/cache/cgit again
Next by thread: Re: [Savannah-hackers-public] "Stay in secure (https) mode after login"
Index(es):
- Date
- Thread