> [LOW] confirmed: When registering, http traffic for creating new user on loopback http://127.0.0.1:8888
And I wonder the same. Didn't really get that one, but yeah you may be right that they mean it should be https. I guess the risk is when an application can monitor loopback traffic, but you can only do that with special permissions or if you're root. The former case is exceptional, in the latter case you're pwned anyway and your keystrokes aren't safe either. So yeah, I don't know. Https might do a little bit extra... but I don't know.
> [LOW] confirmed: When registering, http traffic for creating new user on loopback http://127.0.0.1:8888
And I wonder the same. Didn't really get that one, but yeah you may be right that they mean it should be https. I guess the risk is when an application can monitor loopback traffic, but you can only do that with special permissions or if you're root. The former case is exceptional, in the latter case you're pwned anyway and your keystrokes aren't safe either. So yeah, I don't know. Https might do a little bit extra... but I don't know.