[pmwiki-users] security (again!)

Guillermo Calderon - INCO calderon at fing.edu.uy
Mon Mar 9 13:10:27 CDT 2009

Olle escribió:
> On Saturday 07 March 2009 22.40.45 James M wrote:
>> Thanks for the suggestion Guillermo.  I copied your lines of code into
>> config.php and it makes no difference when I go to login.
>> Is there anthing I'm missing?
> It probably works fine, it's just that you don't notice any difference. Only 
> when you click on Login is your password sent through HTTPS. 
> But, the login page itself should be fetched with HTTPS as well. Otherwise, 
> the user can't tell if the login form is an attempt to steal passwords, or if 
> it's the Real Thing. 

¿Can you explain better this point?.
I don't see why it is necessary to send the login page encrypted

More information about the pmwiki-users mailing list