View Issue Details
|ID||Category||Date Submitted||Last Update|
|0007446||other||2017-08-14 04:33||2017-08-16 17:25|
|Fixed in Version|
|Summary||0007446: Website: mantis is not using HTTPS|
|Description||The bug tracker website is not using HTTPS for login. This is a very bad practice, as credentials can be trivially sniffed by e.g. people on the same network.|
I see the main Ardour website is using Let's Encrypt. The tracker subdomain should do the same.
|Tags||No tags attached.|
Using shared credentials across websites is an even worse idea.
I don't really consider access to anyone's credentials on tracker.ardour.org to be a particular significant issue.
I agree that we should use https here also, but it isn't as simple as on ardour.org or community.ardour.org, because they are not all hosted in the same place right now.