Announcement

#1 2011-08-30 18:32:27

mattonm
Member
2011-08-30
1

login security

I've just switched from Gallery2 to Piwigo.  I've searched my little heart out but didn't find any answers to my question.  I want to ensure that credentials aren't passed in clear text when a user or admin logs in.

When I click on login I'm brought to the identification page but it isn't https.  How can I fix this?  Also, if I login from the identification menu, are those credentials being passed in clear text as well?

I'm running ubuntu 11.04 with Piwigo installed from the repos.

Thanks,

Offline

 

#2 2011-08-31 20:25:50

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13104

Re: login security

Hi mattonm,

Unless you have HTTPS (with a certificate and so on), credentials are passed in clear text. There is a solution based on Digest access authentication but it's not supported by all browsers as far as I remember.


Latest blog post (November 28th 2017) Server failures in october and november 2017

Offline

 

Board footer

Powered by FluxBB

github twitter facebook google+ newsletter Donate Piwigo.org © 2002-2018 · Contact