Emails sent from firstname.lastname@example.org contain HTTP links to tracker.pureos.net, thus vulnerable to MITM attacks when clicked.
- in notifications of tasks:
- in email verification link sent to new user that done registration.
Please verify that you own this email address (...........) by clicking this link: http://tracker.pureos.net/emailverify/xl............./
Change settings in tracker to use HTTPS links instead of HTTP, probably can acomplished by:
- a restart by "phd restart" may fix it, in case it's happening due to caching? see at:
https://secure.phabricator.com/T10848 [Notification mails containing old links after changing phabricator.base-uri]
- The code path of first example use 'phabricator.production-uri' config to determinate the URI to use, so set it in configuration with https URI, which can be done by command:
./bin/config set phabricator.production-uri HTTPSURIVALUE
where HTTPSURIVALUE is result of ./bin/config get phabricator.base-uri