[aur-general] Securing the AUR website

Thomas Bächler thomas at archlinux.org
Sat Aug 6 08:04:51 EDT 2011


Am 06.08.2011 10:52, schrieb Loui Chang:
> On Sat 06 Aug 2011 13:39 +0200, Thomas Bächler wrote:
>> Alternatively: Do not display a login form on http, instead display a
>> link "If you want to login, switch to a secure connection first.". This
>> way, the user verifies the certificate and URL first (by looking at the
>> URL bar), then enters his password.
> 
> I agree with this. As long as the rest of the site is functional via
> http.

This is a solution I can live with, too.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/aur-general/attachments/20110806/3cd7005b/attachment.asc>


More information about the aur-general mailing list