Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

caml.inria.fr mantis login page is not SSL #7035

Closed
vicuna opened this issue Nov 2, 2015 · 10 comments
Closed

caml.inria.fr mantis login page is not SSL #7035

vicuna opened this issue Nov 2, 2015 · 10 comments
Assignees

Comments

@vicuna
Copy link

vicuna commented Nov 2, 2015

Original bug ID: 7035
Reporter: kevinchen
Assigned to: @damiendoligez
Status: resolved (set by @xavierleroy on 2017-02-19T15:48:28Z)
Resolution: fixed
Priority: normal
Severity: major
Category: web site
Monitored by: chrismamo1 kevinchen

Bug description

The mantis login and password update pages are not forced to be accessed over SSL. In fact, it is not possible to load HTTPS versions of these pages.

File attachments

@vicuna
Copy link
Author

vicuna commented Dec 9, 2015

Comment author: @xavierleroy

A TLS certificate is being ordered. Should be fixed soon.

@vicuna
Copy link
Author

vicuna commented Jan 28, 2016

Comment author: dobenour

Still not fixed.

@vicuna
Copy link
Author

vicuna commented Feb 9, 2016

Comment author: @alainfrisch

What's the reason for setting Target Version = 4.03, since this is unrelated to release code?

@vicuna
Copy link
Author

vicuna commented Feb 25, 2016

Comment author: @damiendoligez

Every bug must have a target version, and I'd like to fix this soon.

@vicuna
Copy link
Author

vicuna commented May 17, 2016

Comment author: dobenour

Any updates?

If funding is a problem then Let's Encrypt provides free certs.

@vicuna
Copy link
Author

vicuna commented May 17, 2016

Comment author: dobenour

After this is fixed all logins should be invalidated and all passwords reset.

Also, the entire caml.inria.fr site should be made HTTPS-only.

@vicuna
Copy link
Author

vicuna commented Oct 21, 2016

Comment author: @damiendoligez

OK, we've got a valid certificate and the whole mantis subsite is now https-only (with a nice redirect if you try to connect via http). Is it really necessary to reset all passwords?

As far as making caml.inria.fr https-only, I don't see the point. Anyone who wants to use it under https can do so... except that I haven't figured out how to switch the search engine to https.

@vicuna
Copy link
Author

vicuna commented Oct 21, 2016

Comment author: @damiendoligez

I've figured out the search thing, so all browsers are now happy with https://caml.inria.fr/ .

@vicuna
Copy link
Author

vicuna commented Oct 21, 2016

Comment author: @alainfrisch

It would be useful to delete spam users (esp. to simplify searching for issuers submitted by a specific user), but I don't know how this can be automated.

@vicuna
Copy link
Author

vicuna commented Feb 19, 2017

Comment author: @xavierleroy

Let's agree the problem is fixed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants