id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
10267,Login form SSL is confusing,Denis-de-Bernardy,ryan,"With ssl_admin off, and ssl_login on, the login form sends a secure POST request. But end-users can be confused into thinking that they're about to send a non-secure post unless they view the page's source code.

The attached patch enforces SSL on the form as well, to avoid this confusion.

Brought this up in IRC, and it gets +1 from Viper007Bond and DD32 as well.",defect (bug),new,normal,Future Release,Security,,normal,,needs-patch,