27 Oct
2010
27 Oct
'10
2:14 p.m.
On Wed, 27 Oct 2010 11:40:19 +0300, Ionuț Bîru <ibiru@archlinux.org> wrote:
As i said earlier in a reply to Loui, maybe we can do it better.Having https only for login and then redirecting to http is like not having it at all.
Simply using https for all connections is the easiest and best solution imho. Everything in between is either insecure or inconvenient for the users. And I also don't see the need for it. Every sane http client should handle a http redirect and https. If it does not it's just a bug in the client. Of course it is unfortunate that this wasn't tested by the clyde author before. -- Pierre Schmitz, https://users.archlinux.de/~pierre