[Ohrrpgce] Can't log in to wiki over HTTP
Adam Perry
arperry at gmail.com
Thu Sep 17 06:57:31 PDT 2020
It is not a good idea to have an HTTP login page. Your credentials are sent
in plain text when you log in via HTTP.
I realize that the OHR wiki isn't the most high-profile target for hackers,
but it's still a bad idea. We don't need to allow wiki editing to everyone
able to use the engine if it means compromising security.
On Wed, Sep 16, 2020, 8:45 PM Ralph Versteegen <teeemcee at gmail.com> wrote:
> Holly reported, and I can confirm, that you can't log into the wiki, or
> create an account, when accessing it over HTTP instead of HTTPS. (I think I
> remember seeing this already quite a while ago.) You get the following
> message:
>
> "There seems to be a problem with your login session; this action has been
> canceled as a precaution against session hijacking. Please resubmit the
> form."
>
> It is nice to be able to access the wiki via HTTP, since HTTPS is
> inaccessible from ancient OSes such as some of those we support. If the
> login page could redirect from HTTP to HTTPS...
>
> Hmm, maybe I should file such things on github instead...
> _______________________________________________
> Ohrrpgce mailing list
> ohrrpgce at lists.motherhamster.org
> http://lists.motherhamster.org/listinfo.cgi/ohrrpgce-motherhamster.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.motherhamster.org/pipermail/ohrrpgce-motherhamster.org/attachments/20200917/233b53cd/attachment.html>
More information about the Ohrrpgce
mailing list