Opened 15 years ago
Closed 10 years ago
#10268 closed defect (bug) (invalid)
Profile and Edit user pages should be secure too
Reported by: | Denis-de-Bernardy | Owned by: | ryan |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Security | Keywords: | has-patch |
Focuses: | Cc: |
Description
With admin_ssl off, and login_ssl on, the profile page ends up insecure. It should at least send its POST request over SSL, since a new password might be set.
And possibly use a secure form as well (see #10267).
Attachments (1)
Change History (9)
Note: See
TracTickets for help on using
tickets.
see also #10268 regarding the profile page.