[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: Bug#7074: https
From: David Faure <david () mandrakesoft ! com>
Date: 2000-08-01 11:56:42
[Download RAW message or body]
On Tue, Aug 01, 2000 at 01:29:01PM +0200, Gerald Teschl wrote:
> Package: konqueror
> Version: 1.9.3 (KDE 1.92 Beta >= 20000720)
> Severity: critical
>
> If I open a secure page (https) tcpdump shows that an unencrypted http
> connection is made in stead of a secure one!!!!! The user gets the impression that
> all information can be submitted securely but in reality everything is sent
> unencrypted over the net!?
Do you have openssl installed ?
> I consider this a high security problem!
I definitely agree. I've been saying many times that
kio_https should show an error if there's no ssl support instead
of silently falling back to normal http.
--
David FAURE
david@mandrakesoft.com, faure@kde.org
http://home.clara.net/faure/, http://www.konqueror.org/
KDE, Making The Future of Computing Available Today
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic