@julienmoumne opened this Issue on December 5th 2010 Member

http://dev.piwik.org/trac/login is accessible in plain HTTP, passwords are sent without encryption

mod_rewrite or mod_alias will do the trick

HTTPS access needs to be fixed aswell, right now it returns:

    Secure Connection Failed

    An error occurred during a connection to dev.piwik.org.

    SSL received a record that exceeded the maximum permissible length.

    (Error code: ssl_error_rx_record_too_long)
@mattab commented on October 1st 2012 Member

Now https://dev.piwik.org/trac/ works in SSL without warning (thanks Cyril!)

SSL login is not enabled / forced by default, but is usable if you use direct https access https://dev.piwik.org/trac/

@mattab commented on March 11th 2013 Member

Thx for suggestion. now the login form will redirect to HTTPS if http. Same for trac/admin requests.

This Issue was closed on March 11th 2013
Powered by GitHub Issue Mirror