[pmwiki-users] security (again!)
Guillermo Calderon - INCO
calderon at fing.edu.uy
Mon Mar 9 13:10:27 CDT 2009
> On Saturday 07 March 2009 22.40.45 James M wrote:
>> Thanks for the suggestion Guillermo. I copied your lines of code into
>> config.php and it makes no difference when I go to login.
>> Is there anthing I'm missing?
> It probably works fine, it's just that you don't notice any difference. Only
> when you click on Login is your password sent through HTTPS.
> But, the login page itself should be fetched with HTTPS as well. Otherwise,
> the user can't tell if the login form is an attempt to steal passwords, or if
> it's the Real Thing.
¿Can you explain better this point?.
I don't see why it is necessary to send the login page encrypted
More information about the pmwiki-users