[Pharo-users] Insecure issue tracker registration

Marcus Denker marcus.denker at inria.fr
Fri Jun 15 05:15:13 EDT 2018


Hello,

yes, we really need to setup SSL for that server. I will have a look next week.

> On 13 Jun 2018, at 10:25, Manuel Leuenberger <leuenberger at inf.unibe.ch> wrote:
> 
> Hi,
> 
> I announced my concerns on Discord already, but got no reaction, so I post it here as well to have it properly archived.
> 
> "A colleague just noticed that the registration for the issue tracker is HTTP-only. This is not an appropriate choice for sensitive data like a password. Any possibilities to make this HTTPS-only?
> Link: http://tracker.pharo.org/issues-register-service, setting https:// manually does not work"
> 
> From my perspective this is a serious problem that should be quickly addressed, it's not just a nice to have feature. Not treating sensitive data with proper care leaves an image of not caring about user security and looks unprofessional. I don't think that is what Pharo needs.
> 
> Cheers,
> Manuel




More information about the Pharo-users mailing list