View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007446 | ardour | other | public | 2017-08-14 04:33 | 2017-08-16 17:25 |
| Reporter | marcan | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | new | Resolution | open | ||
| Summary | 0007446: Website: mantis is not using HTTPS | ||||
| Description | The bug tracker website is not using HTTPS for login. This is a very bad practice, as credentials can be trivially sniffed by e.g. people on the same network. I see the main Ardour website is using Let's Encrypt. The tracker subdomain should do the same. | ||||
| Tags | No tags attached. | ||||
|
|
Using shared credentials across websites is an even worse idea. I don't really consider access to anyone's credentials on tracker.ardour.org to be a particular significant issue. I agree that we should use https here also, but it isn't as simple as on ardour.org or community.ardour.org, because they are not all hosted in the same place right now. |
