[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-hackers-public] "Stay in secure (https) mode after login"
|
From: |
Leo Famulari |
|
Subject: |
Re: [Savannah-hackers-public] "Stay in secure (https) mode after login" |
|
Date: |
Tue, 14 Mar 2017 16:34:23 -0400 |
|
User-agent: |
Mutt/1.8.0 (2017-02-23) |
On Tue, Mar 14, 2017 at 03:59:18PM -0400, Leo Famulari wrote:
> The Savannah login page includes a checkbox that reads "Stay in secure
> (https) mode after login".
>
> Just to see what would happen, I logged in with this box unchecked. I
> ended up at <https://savannah.gnu.org/>. I couldn't convince Savannah
> and my browsers to log me in to <http://savannah.gnu.org/>.
>
> So I'm wondering, what does that checkbox do? Is there still a
> possibility that some communication will pass over unauthenticated
> channels?
>
> While logged in, I manually entered the HTTP URL and was still able to
> access the administration interface for a group that I administer over
> the unauthenticated connection.
I should have searched the archives before sending this message. The
subject has already been discussed:
http://lists.gnu.org/archive/html/savannah-hackers-public/2014-01/msg00002.html
And more generally:
http://lists.gnu.org/archive/html/savannah-hackers-public/2016-10/msg00002.html
signature.asc
Description: PGP signature