[SAC] should we move to SSL only?

Is it viable for OSGeo to be offering trac etc. via http in 2014?

Zac Spitzer

On 04/08/2014 06:30 AM, Zac Spitzer wrote:

Is it viable for OSGeo to be offering trac etc. via http in 2014?

Thanks for raising this question again. I agree logins should be forced
to https; right now a user has to consciously choose. As for whole-site
https all the time, well, if the trac instance doesn't have any private
tickets I'm not sure it's necessary. But I would be fine with
authenticated sessions staying in https.

Having non-https for non-authenticated sessions does make browsing and
anonymous svn checkouts faster.

Any other opinions?

Thanks,
Alex

On Tue, Apr 08, 2014 at 10:08:35AM -0700, Alex Mandel wrote:

Thanks for raising this question again. I agree logins should be forced
to https,

+1

  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

On 04/08/2014 03:14 PM, Martin Spott wrote:

On Tue, Apr 08, 2014 at 10:08:35AM -0700, Alex Mandel wrote:

Thanks for raising this question again. I agree logins should be forced
to https,

+1

  Martin.

I can't think of a good reason not to do this. So we should audit and
fix all sites to force https for login pages.

Debate is still open about whether, once logged in, we should force https.

Thanks,
Alex