default configuration of squirrelmail-secure-login doesn't work
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
squirrelmail-secure-login (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: squirrelmail-
The secure-
even though, as noted in
/usr/share/
If you turn on $change_
because by default, SquirrelMail 1.5 will only transmit cookies
securely if the user's session started under https://. If you
really want to revert to an unencrypted connection after user
login, you need to run the SquirrelMail configuration utility
and change the "Only secure cookies if poss." setting (under
"General Options") to "false".
It would be more user-friendly to provide a default configuration that
is compatible with the default configuration of squirrelmail. Also,
change_
I'm on intrepid, with squirrelmail 2:1.4.15-3ubuntu0.1 and squirrelmail-
Hi,
thanks for your bug report!
On Sun, Jan 25, 2009 at 11:44:16PM -0000, J. Bruce Fields wrote: back_to_ http_after_ login = 0 seems the more conservative default.
> It would be more user-friendly to provide a default configuration that
> is compatible with the default configuration of squirrelmail. Also,
> change_
As you correctly quoted from README.gz this is default behaviour for
SquirrelMail 1.5.2 and above. That is as a matter of fact the
development branch of SquirrelMail aud thus part of Debian's
experimental tree. It is not to be included in Debian's distribution
(for a stable release) until it reaches a more stable state (and changes
its release number to 1.6 or even 2.0).
> I'm on intrepid, with squirrelmail 2:1.4.15-3ubuntu0.1 and squirrelmail-
> secure-login 1.4-1.
Right, Debian and Ubuntu ship with SquirrelMail 1.4.x and here the
standard configuration makes sense (at least under some circumstances).
It might be true that most users find it reasonable to have back_to_ http_after_ login set to 0 but I don't think it's that a
change_
big deal to simply change it. :)
Since Debian is in hard freeze for its next release I'm not going to
change default configuration now. I'll talk to upstream when a new
version comes up about changing it there.
Hauke