Enable SSL just for login

dennylin93 · February 08, 2010, 08:55:30 PM

Hi, I saw ticket #1484764 a while ago.

I'd like to see this feature implemented, and I'll try to come up with a patch in a few days.

However, I'm not really sure if it's secure. RC seems to store the user's password in $_SESSION['password'], and it's decrypted whenever the password's needed. Is session data stored on the server or on the client's computer?

SKaero · February 08, 2010, 10:09:11 PM

It is stored on the server.

dennylin93 · February 08, 2010, 10:50:45 PM

Great. I'll start working on it as soon as I have some spare time.

Enable SSL just for login

dennylin93

SKaero

dennylin93