Logged in sessions should be encrypted

Bug #769734 reported by François Marier
Affects: Libravatar (obsolete)
Status: Fix Released
Importance: Medium
Assigned to: François Marier

Bug Description

The main application should be split between a secure one (/account/) delivered over HTTPS and an insecure one (/public/ and /tools/) over HTTP.

Unfortunately, this requires another SSL cert and using SNI (which doesn't work on Windows XP) or it means we need to pay for a wildcard cert...

Tags: security ssl
tags: added: security
François Marier (fmarier) wrote :

This article (http://www.redrobotstudios.com/blog/2009/02/18/securing-django-with-ssl/) mentions two things:

- Django settings for HTTPS-only cookies
- Custom https_required decorator for views
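
The two measures listed in the comment above, sketched as a framework-neutral WSGI middleware rather than a Django decorator (an added example, not code from Libravatar or from the linked article): plain-HTTP requests under /account/ are sent to HTTPS, and cookies set on HTTPS responses get the Secure attribute. `CANONICAL_HOST`, `sample_app`, `demo` and the cookie value are constructed for illustration; in Django itself the cookie half corresponds to the `SESSION_COOKIE_SECURE` and `CSRF_COOKIE_SECURE` settings.

```python
from urllib.parse import quote

CANONICAL_HOST = "example.org"      # assumption: placeholder host name
SECURE_PREFIXES = ("/account/",)    # HTTPS-only area named in the bug description

def _with_secure(cookie):
    """Append the Secure attribute to a Set-Cookie value unless already present."""
    attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
    return cookie if "secure" in attrs else cookie + "; Secure"

def https_required(app, host=CANONICAL_HOST, prefixes=SECURE_PREFIXES):
    """WSGI middleware: force HTTPS on `prefixes`, mark HTTPS cookies Secure."""
    def middleware(environ, start_response):
        is_https = environ.get("wsgi.url_scheme") == "https"
        path = environ.get("PATH_INFO", "")
        if path.startswith(prefixes) and not is_https:
            if environ.get("REQUEST_METHOD") not in ("GET", "HEAD"):
                # A redirect would drop the body, which already crossed the wire in clear.
                start_response("403 Forbidden", [("Content-Type", "text/plain")])
                return [b"HTTPS required\n"]
            # Build the target from the configured host, never from the Host header.
            query = environ.get("QUERY_STRING", "")
            location = "https://" + host + quote(path) + ("?" + query if query else "")
            start_response("301 Moved Permanently", [("Location", location)])
            return [b""]

        def patched_start(status, headers, exc_info=None):
            if is_https:  # browsers ignore Secure cookies set over plain HTTP
                headers = [(k, _with_secure(v) if k.lower() == "set-cookie" else v)
                           for k, v in headers]
            return start_response(status, headers, exc_info)
        return app(environ, patched_start)
    return middleware

def sample_app(environ, start_response):
    """Constructed stand-in application that always sets a session cookie."""
    start_response("200 OK", [("Set-Cookie", "sessionid=abc123; HttpOnly; Path=/")])
    return [b"ok"]

def demo(scheme, path, method="GET"):
    """Run one constructed request through the middleware; return (status, headers)."""
    environ = {"wsgi.url_scheme": scheme, "PATH_INFO": path, "REQUEST_METHOD": method}
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    https_required(sample_app)(environ, start_response)
    return seen["status"], seen["headers"]
```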

François Marier (fmarier) wrote :

The whole thing is now running over HTTPS.

Changed in libravatar:
assignee: nobody → François Marier (fmarier)
status: Triaged → Fix Released