[Bug 570864] New: Review Request: drupal-securepages_prevent_hijack - Secure Pages add-on that prevents hijacked sessions from accessing SSL pages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.

Summary: Review Request: drupal-securepages_prevent_hijack - Secure Pages add-on that prevents hijacked sessions from accessing SSL pages

https://bugzilla.redhat.com/show_bug.cgi?id=570864

           Summary: Review Request: drupal-securepages_prevent_hijack -
                    Secure Pages add-on that prevents hijacked sessions
                    from accessing SSL pages
           Product: Fedora
           Version: rawhide
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: Package Review
        AssignedTo: nobody@xxxxxxxxxxxxxxxxx
        ReportedBy: orion@xxxxxxxxxxxxx
         QAContact: extras-qa@xxxxxxxxxxxxxxxxx
                CC: notting@xxxxxxxxxx, fedora-package-review@xxxxxxxxxx
        Depends on: 570862
   Estimated Hours: 0.0
    Classification: Fedora


Spec URL:
http://www.cora.nwra.com/~orion/fedora/drupal-securepages_prevent_hijack.spec
SRPM URL:
http://www.cora.nwra.com/~orion/fedora/drupal-securepages_prevent_hijack-6.x.1.5-1.fc12.src.rpm

Description:
This is an add-on to the Secure Pages module that will prevent hijacked
sessions from accessing SSL pages, yet still allow users to stay logged in
when browsing non-SSL pages.

The login form is also secured, both on the user page and the login block.

This module is recommended for most securepages users. (One possible
exception is if you have set session.cookie_secure, and you have "Switch back
to http" disabled in the securepages settings.)

Please do consider carefully the inherent limitations of mixed HTTP / HTTPS
sessions. For an analysis of various approaches to using SSL, see this[1]
article on crackingdrupal.com.

[1] -
http://crackingdrupal.com/blog/greggles/drupal-and-ssl-multiple-recipes-possible-solutions

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
_______________________________________________
package-review mailing list
package-review@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/package-review
[Index of Archives]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]