![](https://seccdn.libravatar.org/avatar/5208f59307a2705ba9811a153406f094.jpg?s=120&d=mm&r=g)
On Jul 28, 10 16:00:27 -0600, Matthew Ehle wrote:
Hello,
There are two major problems with the bento theme login which will need to be fixed. Until they are, I am recommending that everyone avoid using the javascript login form and instead use the standard login page that is used by the legacy wiki.
Issue 1: The login form sends information in plain text over plain HTTP. I have actually fixed this on stage, but perhaps others would like to review it to make sure that passwords aren't being sent in clear text anymore. Assuming that is the case, it can go live when I run the next update. So please try this out in stage (if you are able) and get back to me. If one of you have WireShark installed, that would be perfect.
Wireshark confused me today. I don't see any cleartext password with enstage, but I fail to verify that I have seen all TCP packets. Firebug tells me that the javascript dropdown login sends it to https://enstage.opensuse.org/ICSLogin/auth-up Also, http://enstage.opensuse.org/ICHAINLogout/?%22http://en.opensuse.org/cmd/ICSL... promotes to https, before accepting my password. Looks good, so far. thanks, JW- -- o \ Juergen Weigert paint it green! __/ _=======.=======_ <V> | jw@suse.de back to ascii! __/ _---|____________\/ \ | 0911 74053-508 __/ (____/ /\ (/) | _____________________________/ _/ \_ vim:set sw=2 wm=8 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) "Why would it be stupid to assume that a file can continue to be accessed by the same name in the future?" Brion Vibber bwmo#15842#c12 -- To unsubscribe, e-mail: opensuse-wiki+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-wiki+help@opensuse.org