Use https where it's possible
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mustard |
Fix Committed
|
Undecided
|
Michele Azzolari | ||
Bug Description
If I add an twitter account to mustard I have the option to use SSL. I'm not sure if https is used everywhere. For example I found the url "http://
But I couldn't find this option for an identi.ca account. I tried to add a new identi.ca account and mustard redirects directly to "http://
I also analyzed the traffic from mustard on my own wlan yesterday with wireshark and the connections to twitter seems to be https, but the connections to identi.ca are only http.
So there should be an option or it should be default to use https instead of http. I attended a barcamp this weekend and there was a talk about the firesheep firefox extension and the guy talked about how much information he could collect on the free wlan connection. So I think it is important that https is used as a default setting for all services - if possible!
| Michele Azzolari (macno) wrote | #1 |
| Changed in mustardroid: | |
| status: | New → Incomplete |
| status: | Incomplete → Fix Committed |
| assignee: | nobody → macno (macno) |
I'm moving to https the identi.ca Login button.
Thanks for reporting