You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It's currently possible to go to http://hostname.com which loads the login page. When users use this to log in, the username and password is transmitted in plaintext.
There should be an option in settings to force SSL for login which will redirect users to https://hostname.com.
It could be done at the web server level, however, this will prevent http websites to access http://hostname.com/piwik.js.
Proposed enhancement is a web redirect if the login page is accessed over http and secure HTTPS is enabled in the admin options.
The text was updated successfully, but these errors were encountered:
It's currently possible to go to http://hostname.com which loads the login page. When users use this to log in, the username and password is transmitted in plaintext.
There should be an option in settings to force SSL for login which will redirect users to https://hostname.com.
It could be done at the web server level, however, this will prevent http websites to access http://hostname.com/piwik.js.
Proposed enhancement is a web redirect if the login page is accessed over http and secure HTTPS is enabled in the admin options.
The text was updated successfully, but these errors were encountered: