http://www.perlmonks.org?node_id=880163


in reply to Requiring old password in order to change your password

the path of much bigger improvements in security
Is HTTPS support on the list?
--
No matter how great and destructive your problems may seem now, remember, you've probably only seen the tip of them. [1]
Re^2: Requiring old password in order to change your password (https)
by tye (Sage) on Jan 03, 2011 at 14:07 UTC

    Only for when logging in, yes.

    - tye        

      Thanks, that's one step in the right direction. Additionally, it would be great to consider (optionally) allowing https for all communications (not just logins) in your on-going security review of the site. Some claim SSL/TLS is not computationally expensive any more but that is of course subject to debate.

      Https everywhere is getting a lot of traction and the number of sites that support https "all the way" is large and growing. It would be great to add perlmonks.org to the list:

      $ ls https-everywhere/src/chrome/content/rules/*.xml | wc -l
      426
      --
      No matter how great and destructive your problems may seem now, remember, you've probably only seen the tip of them. [1]

        Yes, allowing https always is on the list after web server performance mitigation is sustained.

        - tye        

        Count me in. I strongly support the widespread use of https.