View Issue Details

IDCategoryLast Update
0007446other2017-08-16 17:25
ReportermarcanAssigned To 
Reproducibilityalways 
Status newResolutionopen 
Product Version 
Fixed in Version 
Summary0007446: Website: mantis is not using HTTPS
DescriptionThe bug tracker website is not using HTTPS for login. This is a very bad practice, as credentials can be trivially sniffed by e.g. people on the same network.

I see the main Ardour website is using Let's Encrypt. The tracker subdomain should do the same.
TagsNo tags attached.

Activities

paul

2017-08-16 17:25

administrator   ~0019979

Using shared credentials across websites is an even worse idea.

I don't really consider access to anyone's credentials on tracker.ardour.org to be a particular significant issue.

I agree that we should use https here also, but it isn't as simple as on ardour.org or community.ardour.org, because they are not all hosted in the same place right now.

Issue History

Date Modified Username Field Change
2017-08-14 04:33 marcan New Issue
2017-08-16 17:25 paul Note Added: 0019979