[SAC] Switching all Logins to SSL

Having worked with SSL and HTTPS on my own servers now, I think I've come
up with a semi-decent idea to help secure OSGeo username/passwords a
little more.

We could implement SSL/HTTPS for all logins.
How does this differ from the current situation?
Well, on Trac, login is only over SSL if you choose to visit the site at
https. Some people have stated that for speed purposes they need to be
able to work authenticated but under http. So what I'm proposing is to
redirect only the login links to https.

trac.osgeo.org (Wildcard match */login)
wiki.osgeo.org (Yes I know this isn't OSGeo LDAP, yet)
etc (I'm sure I missed some other services)

Note, this idea has already been done on osgeo.org and only requires a
small adjustment to Apache vhost files.

Should be fairly easy to implement and I think will make a few of our
users happy, and protect a great many more who don't even realize it.

Thanks,
Alex
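
A sketch of the vhost adjustment proposed above, added here as an example and not taken from the OSGeo configuration: it assumes mod_rewrite and mod_ssl are enabled, and the certificate paths are placeholders. Only the password submission is moved to HTTPS; users who keep browsing over http after logging in still send their session cookie in the clear.

```apache
# Plain-HTTP vhost: everything stays on http except the login links.
<VirtualHost *:80>
    ServerName trac.osgeo.org

    RewriteEngine On
    # "Wildcard match */login": /login as well as /<project>/login.
    # The target host is hard-coded rather than taken from the Host header,
    # so a forged Host value cannot steer the redirect elsewhere.
    # 302 instead of 301 while this is being trialled: browsers cache 301s,
    # which would make the change hard to back out.
    RewriteRule ^/(.+/)?login$ https://trac.osgeo.org%{REQUEST_URI} [R=302,L]

    # ... existing Trac configuration for this vhost ...
</VirtualHost>

# HTTPS vhost that receives the redirected login requests.
<VirtualHost *:443>
    ServerName trac.osgeo.org

    SSLEngine On
    # Placeholder paths (assumption), replace with the real certificate and key.
    SSLCertificateFile    /path/to/certificate.pem
    SSLCertificateKeyFile /path/to/private-key.pem

    # ... same Trac configuration as the port 80 vhost ...
</VirtualHost>
```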

Alex,

I think you should go ahead and try it. Just let us know on
the list what you do so it can be backed out if it causes
problems.

Best regards,


--
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up | Frank Warmerdam, warmerdam@pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush | Geospatial Software Developer