Bug 44910 - Processes should be SSL
Summary: Processes should be SSL
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Web Site
Classification: Red Hat
Component: Join_Process
Version: current
Hardware: i386
OS: Linux
high
medium
Target Milestone: ---
Assignee: Tom Lancaster
QA Contact: Web Development
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-06-18 19:45 UTC by Jay Turner
Modified: 2015-01-07 23:46 UTC (History)
1 user (show)

(edit)
Clone Of:
(edit)
Last Closed: 2003-06-25 15:17:39 UTC


Attachments (Terms of Use)

Description Jay Turner 2001-06-18 19:45:34 UTC
Description of Problem:
Both the /join process as well as simply logging into the site should be
done via SSL, as otherwise it is quite easy to sniff the packets, thus
retrieving both the username and password of the user.

How Reproducible:


Steps to Reproduce:
1. 
2. 
3. 

Actual Results:


Expected Results:


Additional Information:

Comment 1 Jay Turner 2001-09-18 13:40:28 UTC
Still an issue.

Comment 2 Jay Turner 2001-09-28 15:37:48 UTC
Yep, still there.

Comment 3 Tom Lancaster 2001-10-09 00:40:32 UTC
This solution depends on a resolution to the issue of what to do with banner ads
when a user is on ssl. In talking with Rob Byars and Aragorn we decided that 
no doubleclick ads would be displayed when people were using ssl.
When the component for this is built, we should be able to move back to using
ssl for login and once logged in.


Note You need to log in before you can comment on or make changes to this bug.