Please open a ticket about this. I can fix it tonight but I do not want to 
forget.

Massimo

On Tuesday, 19 June 2012 16:32:38 UTC-5, pyhead wrote:
>
> Security vulnerability
>
> When accessing the admin page on a server with http and https both enabled, 
> admin may accidentally attempt to login via http.  The login page looks the 
> same and displays an input for the password even when the login will be 
> rejected due to insecure http protocol, while still allowing you to send 
> the password unencrypted.
>
> Some web browsers now (stupidly) don't even display the protocol in the 
> address bar, making it even harder to tell if it is http or https.
>
> Solution
>
> Only display the admin password input to connections from localhost and 
> https.
>
>

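The fix proposed in the thread, sketched as an added example; this is not web2py's code and not from either poster. It assumes a plain WSGI `environ` dict, and the function names and sample addresses are hypothetical.

```python
import ipaddress


def is_loopback(addr):
    """True for IPv4/IPv6 loopback, including IPv4-mapped IPv6 (::ffff:127.0.0.1)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        # Missing or malformed peer address: treat as remote.
        return False
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return ip.is_loopback


def password_form_allowed(environ):
    """Apply the rule from the thread: https, or a connection from localhost."""
    if environ.get("wsgi.url_scheme", "http") == "https":
        return True
    return is_loopback(environ.get("REMOTE_ADDR", ""))


def render_admin_login(environ):
    """Return the login page body; never emit a password field on a connection
    where the login would be rejected anyway."""
    if password_form_allowed(environ):
        return ('<form method="post">'
                '<input type="password" name="password"/>'
                '<input type="submit" value="Login"/></form>')
    return "<p>Admin login is disabled over http. Reconnect using https.</p>"


if __name__ == "__main__":
    # Constructed sample requests (documentation-range client address).
    samples = [
        {"wsgi.url_scheme": "http", "REMOTE_ADDR": "203.0.113.7"},
        {"wsgi.url_scheme": "https", "REMOTE_ADDR": "203.0.113.7"},
        {"wsgi.url_scheme": "http", "REMOTE_ADDR": "127.0.0.1"},
    ]
    for env in samples:
        print(env["wsgi.url_scheme"], env["REMOTE_ADDR"],
              "->", "form" if password_form_allowed(env) else "no form")
```

Behind a reverse proxy on the same host, `REMOTE_ADDR` is the proxy's loopback address for every client, so the localhost branch must not be relied on in that deployment.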