Bug 27652 - Bugzilla mailer improperly using http_S_
Bugzilla mailer improperly using http_S_
Status: CLOSED WONTFIX
Product: Bugzilla
Classification: Community
Component: Bugzilla General (Show other bugs)
2.8
All Linux
medium Severity medium (vote)
: ---
: ---
Assigned To: David Lawrence
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-02-14 15:14 EST by R P Herrold
Modified: 2007-04-18 12:31 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-12-20 11:07:35 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description R P Herrold 2001-02-14 15:14:40 EST
The mailers for Bugzilla advice of change emails are of this form:

 To: bfox@redhat.com, herrold@owlriver.com, borgan@redhat.com
Subject: [Bug 27106] Changed - Text anaconda install loses state when
    switching through VC's
 
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=27106
 
... there is NO benefit for the the use of port 443 SSL here ... it falls
back to port 80 http, 

AND there is a COST -- LYNX-SSL (in which I view the web and read mail)
will NOT keep inter-session cookies for httpS sites ... this is a feature
so that a later hostile user has to re-auth intra-session ...

PLEASE change the mailder to the form:

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=27106
 
... so that I might not have to log in over and over as I read mail and
append to Bugzilla transactions ...
Comment 1 David Lawrence 2001-02-14 20:45:03 EST
I do not understand why you say there is no advantage to using the https
connection over using no ssl connection. This disallows people from seeing your
plaintext password over the network. Are you saying when using the link in an
SSL-capable browser it is redirecting back to an regular http connection? If
that is the case then there is a bug somewhere I need to look into. If this is
not the case then I do not know what needs fixing except for the possibility of
fixing lynx-ssl. In that case I would just remove the s in https before
accessing the link in the email. I was unaware that lynx-ssl had this
disadvantage when fixing the emails with the new links. I was asked by
management to add the https as the standard link since all developers in Red Hat
primarily use ssl-capable browsers that do not have the problems with logging in
multiple times.
Comment 2 R P Herrold 2001-03-09 21:21:04 EST
PLEASE pull the LYNX from the rawhide, which in RH now supports https, and see
how painful to EVERY TIME have to re-authenticate (since HTTPS cookies are not
retained)

Use it for a day, trying to go from reading mail in pine to viewing in lynx, and
you'll change your mind ...
Comment 3 Aleksey Nogin 2002-11-13 06:30:13 EST
IMHO, this is a lynx problem, not a bugzilla one.
Comment 4 David Lawrence 2002-12-20 11:07:35 EST
I have to agree, I have used lynx before and the last time I used it it still
did not support persistent cookies so I had to relogin each time I ran lynx. It
is unfortunate that each time you click on a link in an email it runs a new lynx
session which causes you to have to login. But I feel having the https in the
email far outweighs the disadvantages for people who click on it with SSL
capable browsers and forget to use https instead.

Note You need to log in before you can comment on or make changes to this bug.