Bug #75367 Enable secure communication by default for bugreports
Submitted: 31 Dec 2014 13:02 Modified: 12 Jul 2022 13:31
Reporter: Daniël van Eeden (OCA) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Websites: bugs.mysql.com Severity:S3 (Non-critical)
Version: OS:Any
Assigned to: CPU Architecture:Any
Tags: Security, SSL, tls

[31 Dec 2014 13:02] Daniël van Eeden
Description:
Please enable SSL/TLS on bugs.mysql.com for all connections. 

Bugs might have private comments and may contain security vulnerabilities.

How to repeat:
Go to bugs.mysql.com and notice it doesn't use SSL by default

Suggested fix:
Enable SSL by default
[31 Dec 2014 13:28] MySQL Verification Team
Hello Daniël,

Thank you for the report.

Thanks,
Umesh
[31 Dec 2014 13:31] MySQL Verification Team
Related - http://bugs.mysql.com/bug.php?id=73457

Workaround - try browser specific plugins does this
[3 Jan 2015 11:36] Daniël van Eeden
Please also consider to use https url's in the email notifications.
[4 Jan 2015 10:52] Daniël van Eeden
If this is merged the HTTPS-Everywhere extension can be used to secure
the traffic to bugs.mysql.com
https://github.com/EFForg/https-everywhere/pull/865

Also: the automatically generated links to bugs should use https instead of http.