On Tue, Mar 14, 2017 at 03:59:18PM -0400, Leo Famulari wrote: > The Savannah login page includes a checkbox that reads "Stay in secure > (https) mode after login". > > Just to see what would happen, I logged in with this box unchecked. I > ended up at <https://savannah.gnu.org/>. I couldn't convince Savannah > and my browsers to log me in to <http://savannah.gnu.org/>. > > So I'm wondering, what does that checkbox do? Is there still a > possibility that some communication will pass over unauthenticated > channels? > > While logged in, I manually entered the HTTP URL and was still able to > access the administration interface for a group that I administer over > the unauthenticated connection.
I should have searched the archives before sending this message. The subject has already been discussed: http://lists.gnu.org/archive/html/savannah-hackers-public/2014-01/msg00002.html And more generally: http://lists.gnu.org/archive/html/savannah-hackers-public/2016-10/msg00002.html
signature.asc
Description: PGP signature
