Transmission of unencrypted passwords

Added by Michael Preston about 8 years ago

When logging in to the server via my browser, Redmine transmits the password unencrypted. (We have enabled LDAP.) Is there any function or setting that encrypts the password?

We tried changing the protocol in the settings to HTTPS and the path, but were unable to access Redmine via the IE browser.

Replies (3)

RE: Transmission of unencrypted passwords - Added by Mario Scondo about 8 years ago

Hello Michael,

I've got two questions:

  • Did you try to utilize another web browser?
  • How did you configure the HTTPS interface?

RE: Transmission of unencrypted passwords - Added by Michael Preston about 8 years ago

Hello,

1. No -- in our organization, the only authorized browser is IE.

2. In Settings -> General, we chose HTTPS from the Protocol dropdown list. In Host Name and Path, we changed the port number to 443, since the HTTPS security certificate binds with that port number. However, when we attempt to access the new path via our browser, we are unable to access Redmine. We get a 404 error.

RE: Transmission of unencrypted passwords - Added by Mario Scondo about 8 years ago

This sounds like a problem with the upstream proxy, when you are utilizing a server like Apache or Nginx in front of your Redmine installation. In this case you have to make sure you are forwarding the requests to the correct backend server.

(1-3/3)