What to do with ssl="authenticated sessions" + code freeze date for Bugzilla 3.6

SnowyOwl vitaly.fedrushkov at gmail.com
Mon Aug 31 04:13:17 UTC 2009


On 19 Aug, 06:58, "Frédéric Buclin" <lpso... at gmail.com> wrote:

> At the Bugzilla meeting today, there has been some discussion about what
> to do with the "authenticated sessions" value of the ssl parameter now
> that you can log in from every page. It seems that it doesn't make sense
> to keep this value anymore as all pages must be protected using SSL as
> you can potentially use any of them to log in. Does anyone see a valid
> reason to not kill this value? This means the ssl parameter would become
> a single yes/no to use ssl or not, see bug 329638.

The only scenario I could see is where some users do not have HTTPS
access at all.  For example, Bugzilla is used by staff from the intranet
using HTTPS, but exposed to the public internet as a read-only searchable
knowledge base for users.

HTTPS may be unavailable to those users to reduce server load, as it
protects nothing in this setup.
_______________________________________________
dev-apps-bugzilla mailing list
dev-apps-bugzilla at lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-apps-bugzilla

