[gatein-issues] [JBoss JIRA] Commented: (GTNPORTAL-1606) HTTPS protection of login and password changes

Minh Hoang TO (JIRA) jira-events at lists.jboss.org
Tue Mar 15 21:55:48 EDT 2011


    [ https://issues.jboss.org/browse/GTNPORTAL-1606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12588165#comment-12588165 ] 

Minh Hoang TO commented on GTNPORTAL-1606:
------------------------------------------

The solution is to create a servlet filter that modifies the request scheme and then sends a redirect response. The filter should follow the pattern of GenericFilter to support the extension mechanism.

> HTTPS protection of login and password changes
> ----------------------------------------------
>
>                 Key: GTNPORTAL-1606
>                 URL: https://issues.jboss.org/browse/GTNPORTAL-1606
>             Project: GateIn Portal
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>    Affects Versions: 3.1.0-GA
>            Reporter: Bill Elliot
>            Assignee: Minh Hoang TO
>              Labels: portal-s49
>   Original Estimate: 1 day
>  Remaining Estimate: 1 day
>
> It is good security practice to use HTTPS when having the user enter any sensitive information like passwords. Can we have the portal modified so that the login and password change screens are placed into HTTPS mode, if HTTPS has been configured? Personally I would not be using a site that does not use HTTPS for login.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

