Mahara

  1. Bug #646713
  2. Comment #7

Comment 7 for bug 646713

Revision history for this message
François Marier (fmarier) wrote : Re: js config.wwwroot ignores httpswwwroot

As Firesheep (http://codebutler.com/firesheep?c=1) has pointed out, logins are not the only thing that needs to be protected. Session theft is now a very real threat.

Also, Google has released numbers showing that the overhead of SSL is actually fairly small. We should probably encourage people to run full SSL sites, especially if they already have a cert for their logins. No?