Bug 44910

Summary: Processes should be SSL
Product: Red Hat Web Site Reporter: Jay Turner <jturner>
Component: Join_ProcessAssignee: Tom Lancaster <tlancast>
Status: CLOSED CURRENTRELEASE QA Contact: Web Development <webdev>
Severity: medium Docs Contact:
Priority: high    
Version: currentCC: srevivo
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-06-25 15:17:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jay Turner 2001-06-18 19:45:34 UTC 
Description of Problem:
Both the /join process as well as simply logging into the site should be
done via SSL, as otherwise it is quite easy to sniff the packets, thus
retrieving both the username and password of the user.

How Reproducible:


Steps to Reproduce:
1. 
2. 
3. 

Actual Results:


Expected Results:


Additional Information:
Comment 1 Jay Turner 2001-09-18 13:40:28 UTC 
Still an issue.
Comment 2 Jay Turner 2001-09-28 15:37:48 UTC 
Yep, still there.
Comment 3 Tom Lancaster 2001-10-09 00:40:32 UTC 
This solution depends on a resolution to the issue of what to do with banner ads
when a user is on ssl. In talking with Rob Byars and Aragorn we decided that 
no doubleclick ads would be displayed when people were using ssl.
When the component for this is built, we should be able to move back to using
ssl for login and once logged in.