[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    Re: [gentoo-dev] Bugday reminder
From:       Kalin KOZHUHAROV <kalin () thinrope ! net>
Date:       2006-03-31 7:56:55
Message-ID: 442CE0C7.8010706 () thinrope ! net
[Download RAW message or body]

Bjarke Istrup Pedersen wrote:

> Something interresting has happend since last, the new bugday site has
> gone into official beta, and can been seen on
> http://bugday.gentoo.org/bugdaytest . Please do some testing with it,
> and report any bugs you find back to me.

Bug #1:
Do *NOT* ask for Bugzilla credentials over plain HTTP!

Even if it is just beta testing, you are using real account information
and that is a very bad approach as far as security practices go.

Add SSL support (or fix it, 'cause https://bugday.gentoo.org/bugdaytest/
is a 404 and https://bugday.gentoo.org/ is plain bugs.gentoo org or is it?)

Bug #2:
Add an error page explaining what is wrong with a login attempt

If you try to login, you are just thrown back to the original URL (slightly
dressed up as http://bugday.gentoo.org/bugdaytest/bugday.php) without any
notice of a failed login attempt.

When Bug #1 gets fixed, I can further test.

Kalin.

-- 
|[ ~~~~~~~~~~~~~~~~~~~~~~ ]|
+-> http://ThinRope.net/ <-+
|[ ______________________ ]|

-- 
gentoo-dev@gentoo.org mailing list

[prev in list] [next in list] [prev in thread] [next in thread]