It would add to the security of a site (and its users, as their info is in the downloads...) if the download option could be restricted to SSL.
Perhaps as an optional submodule that would depend on the http://drupal.org/project/securepages module for that part?

Comments

Leeteq’s picture

(It would also help if there was a separate permission for using the download method, so that admins could enforce backing up only to the server, for example when SSL is not available.)

Leeteq’s picture

ronan’s picture

Issue summary: View changes
Status: Active » Closed (won't fix)

This is a great idea, but I think it might not be worth the effort. Frankly if you have the ability to run HTTPS on your site then all authenticated sessions should be run in https, not just B&M downloads.

Leeteq’s picture

@ronan: that is an opinion and a matter of site policy, and an entirely different discussion.

Would be preferable to postpone the wont-fix status a bit to allow some time for people to comment.