On 30.06.2011 07:11, David Zülke wrote: > May I suggest that the interface doesn't redirect to https:// by default? > http:// plays much nicer with proxies, and browsers cache resources to disk, > which is helpful not only on slow connections :)
Newish browsers do cache to disk if the Cache-Control header has the "public" directive in it. > The bug report form and anything else that transmits a password or similar > could of course still be done via https://. What about session cookies? Full-https is the only safe thing really. Cheers -- Jordi Boggiano @seldaek - http://nelm.io/jordi -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
