View Issue Details

IDProjectCategoryView StatusLast Update
0007446ardourotherpublic2017-08-16 17:25
Reportermarcan Assigned To 
Status newResolutionopen 
Summary0007446: Website: mantis is not using HTTPS
DescriptionThe bug tracker website is not using HTTPS for login. This is a very bad practice, as credentials can be trivially sniffed by e.g. people on the same network.

I see the main Ardour website is using Let's Encrypt. The tracker subdomain should do the same.
TagsNo tags attached.



2017-08-16 17:25

administrator   ~0019979

Using shared credentials across websites is an even worse idea.

I don't really consider access to anyone's credentials on to be a particular significant issue.

I agree that we should use https here also, but it isn't as simple as on or, because they are not all hosted in the same place right now.

Issue History

Date Modified Username Field Change
2017-08-14 04:33 marcan New Issue
2017-08-16 17:25 paul Note Added: 0019979