On 13 June 2018 at 16:25, Manuel Leuenberger <leuenber...@inf.unibe.ch> wrote:
> Hi,
>
> I announced my concerns on Discord already, but got no reaction, so I post
> it here as well to have it properly archived.
>
> "A colleague just noticed that the registration for the issue tracker is
> HTTP-only. This is not an appropriate choice for sensitive data like a
> password. Any possibilities to make this HTTPS-only?
> Link: http://tracker.pharo.org/issues-register-service, setting https://
> manually does not work"
>
> From my perspective this is a serious problem that should be quickly
> addressed, it's not just a nice to have feature. Not treating sensitive
> data with proper care leaves an image of not caring about user security and
> looks unprofessional. I don't think that is what Pharo needs.

Thanks for raising this. Your concerns are valid, but in the meantime until someone can change it to https, just use a temporary password and immediately change it the first time you log onto Fogbugz - which is a https service.

@all, If it's difficult to add https to it, then perhaps at least a note can be added to advise using a temporary password.

cheers -ben