Bitbucket Cloud / BCLOUD-361

redirects from secure https to http when pushing


Details

    Description

      Here's some output from a push:

      $ hg push
      pushing to https://groks@bitbucket.org/naviserver/nsdbilite
      real URL is http://bitbucket.org/naviserver/nsdbilite/
      ...

      Notice that the 's' was dropped from 'https' at the start. hg asks for my password and the push succeeds.

      I didn't try sniffing, but does this mean my password was sent in the clear?

      Two bugs here: one is Mercurial's – it shouldn't switch from SSL to non-SSL when sending a password without complaining loudly. The other is Bitbucket's – it needs to be careful not to drop the https protocol when redirecting.
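
Both checks named in the report, sketched as an added example that is not part of the original report and is not Mercurial's or Bitbucket's code. The function names are hypothetical: `follow_redirect` is the client-side refusal to leave HTTPS, and `trailing_slash_redirect` is a server-side redirect that keeps the request's scheme.

```python
from urllib.parse import urljoin, urlsplit, urlunsplit


class InsecureRedirect(Exception):
    """Raised when a redirect would move an HTTPS session to a non-HTTPS URL."""


def _origin(url):
    # (scheme, host, port) with default ports filled in; userinfo is ignored.
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return parts.scheme, (parts.hostname or "").lower(), port


def follow_redirect(current_url, location):
    """Client side: return (target_url, resend_credentials) or raise."""
    target = urljoin(current_url, location)  # Location may be relative
    if urlsplit(current_url).scheme == "https" and urlsplit(target).scheme != "https":
        raise InsecureRedirect(f"refusing downgrade: {current_url} -> {target}")
    # Re-send the password only to the exact origin it was entered for.
    return target, _origin(current_url) == _origin(target)


def trailing_slash_redirect(request_url):
    """Server side: add the trailing slash without touching the scheme."""
    parts = urlsplit(request_url)
    host = parts.hostname if parts.port is None else f"{parts.hostname}:{parts.port}"
    # Userinfo and fragment are dropped; scheme, host, port and query are kept.
    return urlunsplit((parts.scheme, host, parts.path.rstrip("/") + "/", parts.query, ""))
```
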

          People

            18103154f924 jespern
            legacy-bitbucket-user Legacy Bitbucket Cloud User (Inactive)