[gatein-issues] [JBoss JIRA] Commented: (GTNPORTAL-1606) HTTPS protection of login and password changes

Tuesday, 15 March 2011

    [
https://issues.jboss.org/browse/GTNPORTAL-1606?page=com.atlassian.jira.pl...
] 

Minh Hoang TO commented on GTNPORTAL-1606:
------------------------------------------

The solution is to create a servlet filter that modifies request scheme then sends a
redirect response. The filter should follows pattern of GenericFilter to support extension
mechanism

...
 HTTPS protection of login and password changes
 ----------------------------------------------

                 Key: GTNPORTAL-1606
                 URL: https://issues.jboss.org/browse/GTNPORTAL-1606
             Project: GateIn Portal
          Issue Type: Feature Request
      Security Level: Public(Everyone can see) 
    Affects Versions: 3.1.0-GA
            Reporter: Bill Elliot
            Assignee: Minh Hoang TO
              Labels: portal-s49
   Original Estimate: 1 day
  Remaining Estimate: 1 day

 It is good security practice to use HTTPS when having the user enter any sensitive
information like passwords. Can we have the portal modified so that the login and password
change screens are placed into HTTPS mode, if HTTPS has been configured. Personally I
would not be using a site that does not use HTTPS for login. 
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

[gatein-issues] [JBoss JIRA] Commented: (GTNPORTAL-1606) HTTPS protection of login and password changes