[Development] Gerrit HTTP vs HTTPS

Giovanni Bajo rasky at develer.com
Wed Oct 26 11:12:36 CEST 2011


I'm not sure what's the correct "meta-list" now (list for discussion on the qt-project itself), so I'm posting there. I apologize in advance if it is not the correct list.

Gerrit is available on both http:// and https://, but since it's using HTTP basic-auth, passwords are transmitted in clear over the wire. Does the non-secure instance serve any purpose? Otherwise, I guess it's better to disable it, or at least change it to a redirector to the secure instance.

Giovanni Bajo   ::  rasky at develer.com
Develer S.r.l.  ::  http://www.develer.com

My Blog: http://giovanni.bajo.it

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4819 bytes
Desc: not available
URL: <http://lists.qt-project.org/pipermail/development/attachments/20111026/f567b461/attachment.bin>

More information about the Development mailing list