Details
-
Suggestion
-
Resolution: Won't Fix
-
None
-
None
-
Stand alone on Linux RH enterprise. Latest Sun JDK.
Description
It's a violation of our campus security policy to allow passwords to be transmitted in plaintext. They must be encrypted. You really need to support better security during the login process by allowing the admin to require SSL to log in.
Attachments
Issue Links
- blocks
-
CONFSERVER-5418 Plugin resource servlet does not provide headers necessary for caching
- Closed
- is related to
-
JRASERVER-15122 Encrypt passwords sent from login portlet/page to server.
- Closed
- relates to
-
CONFSERVER-18120 Unable to use HTTPS for login only
- Closed
-
JRASERVER-7250 Support for redirecting from HTTPS to HTTP
- Closed