44910 – Processes should be SSL

Bug 44910 - Processes should be SSL

Summary: Processes should be SSL

Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Web Site
Classification:	Red Hat
Component:	Join_Process
Sub Component:
Version:	current
Hardware:	i386
OS:	Linux
Priority:	high
Severity:	medium
Target Milestone:	---
Assignee:	Tom Lancaster
QA Contact:	Web Development
Docs Contact:
URL:
Whiteboard:
Keywords:	Security
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2001-06-18 19:45 UTC by Jay Turner
Modified:	2015-01-07 23:46 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:
Doc Text:	(edit)
Clone Of:
Environment:	(edit)
Last Closed:	2003-06-25 15:17:39 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Jay Turner 2001-06-18 19:45:34 UTC

Description of Problem:
Both the /join process as well as simply logging into the site should be
done via SSL, as otherwise it is quite easy to sniff the packets, thus
retrieving both the username and password of the user.

How Reproducible:


Steps to Reproduce:
1. 
2. 
3. 

Actual Results:


Expected Results:


Additional Information:

Comment 1 Jay Turner 2001-09-18 13:40:28 UTC

Still an issue.

Comment 2 Jay Turner 2001-09-28 15:37:48 UTC

Yep, still there.

Comment 3 Tom Lancaster 2001-10-09 00:40:32 UTC

This solution depends on a resolution to the issue of what to do with banner ads
when a user is on ssl. In talking with Rob Byars and Aragorn we decided that 
no doubleclick ads would be displayed when people were using ssl.
When the component for this is built, we should be able to move back to using
ssl for login and once logged in.

Note You need to log in before you can comment on or make changes to this bug.