[wp-trac] [WordPress Trac] #10267: Login form SSL is confusing
WordPress Trac
wp-trac at lists.automattic.com
Thu Jun 25 10:12:48 GMT 2009
#10267: Login form SSL is confusing
-------------------------------+--------------------------------------------
Reporter: Denis-de-Bernardy | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.8.1
Component: Security | Version:
Severity: normal | Keywords: has-patch tested
-------------------------------+--------------------------------------------
With ssl_admin off, and ssl_login on, the login form sends a secure POST
request. But end-users can be confused into thinking that they're about to
send a non-secure post unless they view the page's source code.
The attached patch enforces SSL on the form as well, to avoid this
confusion.
Brought this up in IRC, and it gets +1 from Viper007Bond and DD32 as well.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10267>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list