Hi,
I planned to report a bug concerning building QGIS trunk on my (my
wife's) PeeCee at home and while logging into "hub.qgis.org/login" I
noticed that this site:
a) Apparently authenticates against OSGeo LDAP, but
b) is not capable of properly retrieving the real name and EMail
address from OSGeo LDAP,
c) does *not* enforce HTTP SSL encryption at login and, moreover
d) does not even *permit* HTTP SSL encryption at login.
While b) just lets you *look* bad, c) is very bad style and d) is very
bad overall, because you're compromising OSGeo passwords. Please
*always* add proper encryption whenever authentication is affected.
Thanks,
Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
Yup, I've been aware of it and have been constantly asking the qgis PSC
to sign up for a free SSL cert from StartSSL. I can sign up for the cert
and just have it emailed to me but much preferred that the qgis admins
had the account it was under.
Thanks,
Alex
Now that I'm thinking about it and poking around, anyone have the
account details for where we bought the osgeo cert? I wanted to see if
that covered additional domains or not.