Closed Bug 564003 Opened 15 years ago Closed 14 years ago

Review LDAP Security in Sandboxes

Categories

(Socorro :: General, task)

Product:
Socorro
Component:
General
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: ryansnyder, Unassigned)

Details

This is a security concern that came up during the security talk at the webdev onsite week. Our sandboxes are not setup with HTTPS support. When we access the /admin area of the site, we are required to login to LDAP. My concern is that we're logging into LDAP over HTTP, and that our actual Moz usernames and passwords are going over the wire in clear text. This being the case, we should either provide HTTPS support for our sandboxes or allow access to /admin for unauthenticated users in the sandbox area only.
Has this been looked into? Sounds like something that should be lying around in a public bug report for as long as it already has...
Sandboxes on khan require VPN which requires LDAP. Stage forces https.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → INVALID
Component: Socorro → General
Product: Webtools → Socorro
You need to log in before you can comment on or make changes to this bug.