What to do with ssl="authenticated sessions" + code freeze date for Bugzilla 3.6
David Lawrence
dkl at redhat.com
Wed Aug 19 14:18:38 UTC 2009
On 08/18/2009 08:58 PM, Frédéric Buclin wrote:
> At the Bugzilla meeting today, there has been some discussion about what
> to do with the "authenticated sessions" value of the ssl parameter now
> that you can log in from every page. It seems that it doesn't make sense
> to keep this value anymore as all pages must be protected using SSL as
> you can potentially use any of them to log in. Does anyone see a valid
> reason to not kill this value? This means the ssl parameter would become
> a single yes/no to use ssl or not, see bug 329638.
>
>
As mentioned in the meeting, we (Red Hat) do not utilize this functionality
since our multiple web servers sit behind a load balancing proxy which does
the automatic redirect to SSL for all requests. So we normally keep the
ssl param set to 'never' now anyway. So I vote yes for this change.
Dave
--
David Lawrence, RHCE dkl at redhat.com
------------------------------------
Red Hat, Inc. Web: www.redhat.com
1801 Varsity Drive Raleigh, NC 27606
More information about the developers
mailing list