2011-01-24 08:41:53 |
Michael Moroni |
description |
It kind of feels wrong that we display https pages (which might then claim that everything is secure on this page if you visit it using https) without any warning or a way to disable them at all. For users who are not aware of our complete lack of certificate handling this is a potential security threat. I'd recommend to add a option to explicitly enable https without warnings and otherwise give out a confirmation dialog whenever you visit a https page. |
It kind of feels wrong that we display https pages (which might then claim that everything is secure on this page if you visit it using https) without any warning or a way to disable them at all. For users who are not aware of our complete lack of certificate handling this is a potential security threat. I'd recommend to add a option to explicitly enable https without warnings and otherwise give out a confirmation dialog whenever you visit a https page.
Moved from FS: http://www.twotoasts.de/bugs/index.php?do=details&task_id=743 |
|