Re: Marketing-trac: #157: https doesn't work correctly on fedoramagazine.org

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



#157: https doesn't work correctly on fedoramagazine.org
------------------------------+-----------------------------
  Reporter:  sparks           |      Owner:  chrisroberts
      Type:  task             |     Status:  reopened
  Priority:  major            |  Milestone:  Future releases
 Component:  Fedora Magazine  |   Severity:  urgent
Resolution:                   |   Keywords:
Blocked By:                   |   Blocking:
------------------------------+-----------------------------
Changes (by sparks):

 * status:  closed => reopened
 * resolution:  wontfix =>


Comment:

 Actually, HTTPS is needed to keep the authentication tickets a secret.
 It's fine that FAS authentication is encrypted but when the ticket is
 passed around for authentication purposes in WP in the clear it leaves
 your authentication open for attack (and could leave other services
 vulnerable that use FAS for auth).  This is a known attack vector and I
 believe we've seen some attacks in the wild with this.

-- 
Ticket URL: <https://fedorahosted.org/marketing-team/ticket/157#comment:2>
marketing-team <https://fedoraproject.org/wiki/Marketing>
Marketing team for the Fedora project.
-- 
marketing mailing list
marketing@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/marketing





[Index of Archives]     [Fedora Mentors]     [Kernel Developers]     [Fedora Packaging]     [Fedora Desktop]     [PAM]     [Gimp Users]     [Yosemite Camping]

  Powered by Linux