Forums | Mahara Community
21 December 2010, 3:16
Given the increased ease of HTTP session hijacking (e.g. the widespread availability of firesheep), and the relatively low cost of an SSL certificate, it would be really good if we could get an SSL certificate for mahara.org (and wiki.mahara.org too using subject alternative names).
In my opinion this is a security issue and is pretty easily addressed. Given the amount of work that's gone into the security at the design level, it seems a shame not to.