[wp-trac] [WordPress Trac] #10267: Login form SSL is confusing

WordPress Trac wp-trac at lists.automattic.com
Thu Jun 25 10:12:48 GMT 2009


#10267: Login form SSL is confusing
-------------------------------+--------------------------------------------
 Reporter:  Denis-de-Bernardy  |       Owner:  ryan            
     Type:  defect (bug)       |      Status:  new             
 Priority:  normal             |   Milestone:  2.8.1           
Component:  Security           |     Version:                  
 Severity:  normal             |    Keywords:  has-patch tested
-------------------------------+--------------------------------------------
 With ssl_admin off, and ssl_login on, the login form sends a secure POST
 request. But end-users can be confused into thinking that they're about to
 send a non-secure post unless they view the page's source code.

 The attached patch enforces SSL on the form as well, to avoid this
 confusion.

 Brought this up in IRC, and it gets +1 from Viper007Bond and DD32 as well.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/10267>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list