no SSL security on RTM login redirected from GMail
awaddell says:
Hi, I have gmail configured to 'always use https'. Living in Asia, *everybody* snoops on your traffic and imo port 80 is just the world's digital toilet. So anyway, there does not seem to be any way I can affect this - other than logging in via https:// first. And I'd have to dig deep to know if that was secure anyway.
What's needed I think, is that when Gmail is using $PROTO = HTTPS then the iframe link to RTM needs to match the protocol. I guess the firefox extension needs to understand this.
Keep up the good work.
AW
What's needed I think, is that when Gmail is using $PROTO = HTTPS then the iframe link to RTM needs to match the protocol. I guess the firefox extension needs to understand this.
Keep up the good work.
AW
emily (Remember The Milk) says:
Hi awaddell,
When accessing Gmail via HTTPS, both logins to RTM for Gmail and task data are encrypted. (When accessing Gmail via HTTP, just logins are encrypted.)
The login URL is misleading, sorry, as it's HTTP, but it submits to HTTPS in either case.
Hope this helps!
When accessing Gmail via HTTPS, both logins to RTM for Gmail and task data are encrypted. (When accessing Gmail via HTTP, just logins are encrypted.)
The login URL is misleading, sorry, as it's HTTP, but it submits to HTTPS in either case.
Hope this helps!