Gwibber

Gwibber should use SSL for all protocols

Bug #312291 reported by Evan McClain
14
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Gwibber
Fix Released
Critical
Ryan Paul

Bug Description

To prevent username/password from being broadcast in plain text, https should be used. This is important for all wifi users.

The attached patch seems to work for me.

Tags: security
Revision history for this message
Evan McClain (aeroevan) wrote :
Revision history for this message
Ryan Paul (segphault) wrote :

Thanks. I should have done this a long time ago. I'm going to apply this patch asap and then start testing https with all the other protocols.

Changed in gwibber:
assignee: nobody → segphault
importance: Undecided → Critical
status: New → Confirmed
Revision history for this message
Ryan Paul (segphault) wrote :

The Twitter patch has been committed and pushed to bzr. I'm going to leave this bug report open until I have finished fixing the other protocols.

Changed in gwibber:
status: Confirmed → In Progress
Revision history for this message
Ryan Paul (segphault) wrote :

Twitter, Identi.ca/Laconi.ca, Ping.fm, and Facebook all use SSL now. Jaiku and Digg don't seem to support it. I'm closing this for now, but please reopen if you find something I missed.

Changed in gwibber:
status: In Progress → Fix Released
Revision history for this message
Peter Hansen (peterih) wrote :

Perhaps there should be a comment in the configuration interface telling users that SSL is used. My initial reaction was that since I didn't find SSL as an option, it simply wasn't a feature, and I went with another client.

Revision history for this message
amixr (ahratolojanahary) wrote :

I would like to use facebook through https in gwibber but even in the login gwibber try to connect through http.
How can I patch gwibber to always use https to access facebook?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.