IVLE should be able to be run over HTTPS
Bug #523010 reported by
David Coles
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| IVLE |
Fix Released
|
High
|
David Coles | ||
Bug Description
Since we required users to log in, possibly over unsecure connections, IVLE should support being run over HTTPS. This becomes more critical when using external authorization that may impact the security of over applications besides IVLE.
At very least we need to protect the login screen, but it might be worth using HTTPS whenever a user is logged into IVLE. Not sure what to do about public mode - I guess it wouldn't hurt to secure that too.
Should just be a case of proving an example configuration for Apache.
Revision history for this message
| David Coles (dcoles) wrote | #1 |
| Changed in ivle: | |
| status: | Confirmed → Fix Committed |
| Changed in ivle: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Fixed in r1608.
Provided a simple Apache configuration example that can be used to run IVLE over HTTPS. Blanket configuration that runs redirects all HTTP request for both public and main IVLE to the HTTPS virtual host.