Lukas Fleischer wrote:
> For all tl;dr guys around. This is my proposal:
> Use HTTPS links by default (this is already implemented).
> Enable secure cookies.
> Disallow HTTP login (or at least print a big, fat warning if a user tries to log in via HTTP).
> Possibly use HSTS.
> This should fix all possible vulnerabilities related to HTTPS we can actually fix. Let me know if I missed something.
I've just read through all the threads but my reply is general so I'll post it here.
First, I strongly support the use of methods and protocols that improve privacy and security and I very much appreciate Pierre's and everyone else's efforts here.
Most of Lukas' proposal looks good to me.
I propose that all requests from an external referrer be redirected to HTTPS to catch users clicking onto the AUR via search engines. You could make this clear via a redirection page that informs the user of the security benefits of using HTTPS. Users who still wish to access the AUR via plain HTTP can still type in the HTTP address once and then browse the site (but not log in) normally.
As already discussed, it might not avoid all threats but it does avoid some, which is better than nothing, and blocking all HTTP would not be acceptable.
You could also add a warning to HTTP pages to notify users that HTTPS is available and recommended (along with a link).
Alternatively, you could just add a warning to HTTP requests with no referrer, i.e. requests typed directly into the address bar.
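The combined policy discussed in this thread (secure cookies, HSTS, no login over HTTP, redirect of externally-referred HTTP requests, warning banner for directly typed HTTP requests) written out as an added example. This is not aurweb's code; it is a plain request-to-decision function in Python, and the hostname, the login path, the cookie name and the HSTS lifetime are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import urlsplit, urlunsplit

# Constructed values for this example; the real site's host and paths may differ.
SITE_HOST = "aur.archlinux.org"
LOGIN_PATH = "/login/"
HSTS_MAX_AGE = 31536000  # one year, in seconds


@dataclass
class Request:
    scheme: str                      # "http" or "https"
    host: str
    path: str
    method: str = "GET"
    query: str = ""
    referer: Optional[str] = None    # raw Referer header, if the browser sent one


@dataclass
class Decision:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    warning: bool = False            # render the "HTTPS is available" banner


def referer_is_external(referer: Optional[str], own_host: str) -> bool:
    """True when the Referer names a host other than our own.

    A missing or unparsable Referer counts as 'not external': browsers and
    privacy extensions strip it, so its absence means 'direct navigation',
    not 'attack'. This makes the redirect best-effort by design."""
    if not referer:
        return False
    host = urlsplit(referer).hostname
    return host is not None and host.lower() != own_host.lower()


def session_cookie(name: str, value: str) -> str:
    """Set-Cookie value for the session cookie.

    Secure: the browser never sends it over plain HTTP, so a session obtained
    over HTTPS cannot be replayed by someone sniffing the HTTP side.
    HttpOnly: page scripts cannot read it."""
    return f"{name}={value}; Path=/; Secure; HttpOnly"


def apply_policy(req: Request) -> Decision:
    https_url = urlunsplit(("https", req.host, req.path, req.query, ""))

    if req.scheme == "https":
        # HSTS is only honoured when received over HTTPS, so it is set here
        # and nowhere else; sending it over HTTP is ignored by browsers.
        return Decision(200, {"Strict-Transport-Security": f"max-age={HSTS_MAX_AGE}"})

    # Everything below is plain HTTP.
    if req.path == LOGIN_PATH:
        if req.method == "POST":
            # Credentials have already crossed the wire in clear; do not
            # forward them anywhere, refuse and tell the user.
            return Decision(403, {}, warning=True)
        # Serve the login form only over HTTPS: a form delivered over HTTP
        # can have its action rewritten by anyone on the path.
        return Decision(302, {"Location": https_url})

    if referer_is_external(req.referer, req.host):
        # Arrived from a search engine or another site: move them to HTTPS.
        return Decision(302, {"Location": https_url})

    # Typed-in address or same-site HTTP browsing: allow, but show the banner.
    return Decision(200, {}, warning=True)
```

Two consequences of this layout are worth keeping in mind: once a browser has received the HSTS header over HTTPS it rewrites typed `http://` URLs itself, so the no-referrer warning path is only ever seen by browsers that have not visited over HTTPS yet; and because the session cookie is `Secure`, a user who logged in over HTTPS and then switches to HTTP is simply unauthenticated on the HTTP pages, which is what "cannot log in over HTTP" means in practice.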