Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Login Page - Security Enhancement #6855

Closed
surfi2000 opened this issue Dec 15, 2014 · 1 comment
Closed

Login Page - Security Enhancement #6855

surfi2000 opened this issue Dec 15, 2014 · 1 comment
Labels
worksforme The issue cannot be reproduced and things work as intended.

Comments

@surfi2000
Copy link

It's currently possible to go to http://hostname.com which loads the login page. When users use this to log in, the username and password is transmitted in plaintext.

There should be an option in settings to force SSL for login which will redirect users to https://hostname.com.

It could be done at the web server level, however, this will prevent http websites to access http://hostname.com/piwik.js.

Proposed enhancement is a web redirect if the login page is accessed over http and secure HTTPS is enabled in the admin options.
@mattab
Copy link
Member

mattab commented Dec 15, 2014

Hi @surfi2000 see http://piwik.org/faq/how-to/faq_91/

@mattab mattab closed this as completed Dec 15, 2014
@mattab mattab added the worksforme The issue cannot be reproduced and things work as intended. label Dec 15, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
worksforme The issue cannot be reproduced and things work as intended.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mattab @surfi2000