I would prefer a link to download the CA cert, which I can then install for all my browsers/SCMs/whatever as needed.
- a'moaca'
ToDo: Mercurial Repository
Re: ToDo: Mercurial Repository
I'd agree that there's generally less hassle doing that. For most browsers, it's probably a lot easier to explain that process, than the "on the fly" method.
Mac_Fife
OpenUru.org wiki wrangler
OpenUru.org wiki wrangler
Re: ToDo: Mercurial Repository
It's a fine question, one I asked myself a couple of times as I went through the setup.Mac_Fife wrote:I'll play Devil's Advocate here, just to test the argument that HTTPS is a necessity: If using a secure connection is going to cause complications, then how greatly concerned should we (or other users) be concerned about sending authentication details in the clear? We don't do this for the forums or wiki, and nor do many other sites. The repos are maybe a little more sensitive than forums, but surely the only really unrecoverable damage, should an account be compromised, would be if someone got enough access to completely wipe a repo?
If it were just my content, I wouldn't worry about it; as long as I let visitors know that usernames and passwords were less secure.
But since the foundry is holding other peoples content, I felt held to a higher standard. I am still open to avoiding the whole SSL scene, but it should be a decision by all the invested parties, not just myself by fiat.
That was the factor I used in deciding to go ahead with HTTPS.
[Reverting back is not a big issue at all; comment out an include directive in the apache config file and it's done]
_R
One of the OpenUru toolsmiths... a bookbinder.
Re: ToDo: Mercurial Repository
Why would you say that? I just did an 'hg verify' and everything checked out correctly. File permissions for the web interface seem OK.JWPlatt wrote:Did I break the repo?
I'll catch up on other messages and then look closer.
_R
One of the OpenUru toolsmiths... a bookbinder.
Re: ToDo: Mercurial Repository
I should have said "JIRA" instead of "repo." All was frozen - JIRA, repo, everything - not long after I got done. And it works now, shortly after your post. I'll assume you found something, or the quantum effect of your presence - a common effect I often encounter - fixed things through a Heisenberg corallary of observation.rarified wrote:Why would you say that?
Perfect speed is being there.
Re: ToDo: Mercurial Repository
I didn't do anything, but I wonder; fisheye would have been periodically polling CWE to catalog changes, and you did check in a few changes.
I'll look in a little while at the JIRA logs. Looks like HTTPS redirection is a bit flaky with fisheye right now -- JIRA can access FE, but going to FE directly hangs. Looks like a loop with interaction between Redirect ..., Alias ..., and ProxyPass{,Reverse} involved.
_R
I'll look in a little while at the JIRA logs. Looks like HTTPS redirection is a bit flaky with fisheye right now -- JIRA can access FE, but going to FE directly hangs. Looks like a loop with interaction between Redirect ..., Alias ..., and ProxyPass{,Reverse} involved.
_R
One of the OpenUru toolsmiths... a bookbinder.
Re: ToDo: Mercurial Repository
I found Fisheye seemed to be dropping all CSS when I tried to view source through the JIRA menus.
https is a bother, but:
Regarding https and the question of using it only for logons, I found this:
http://confluence.atlassian.com/pages/v ... =158106208 (How do I use HTTPS for login only?)
Which led me here:
http://jira.atlassian.com/browse/CONF-18120 (Unable to use HTTPS for login only) which explains why Atlassian won't implement logon-only https:
https is a bother, but:
Regarding https and the question of using it only for logons, I found this:
http://confluence.atlassian.com/pages/v ... =158106208 (How do I use HTTPS for login only?)
Which led me here:
http://jira.atlassian.com/browse/CONF-18120 (Unable to use HTTPS for login only) which explains why Atlassian won't implement logon-only https:
Something Sherif Mansour did not mention was wireless. A lot of people still think in the wired domain when they assume you practically have to work for an ISP to get easy access to sniff traffic somewhere between client and server. Wireless, now pervasive, is the security killer. Anyone can do it anywhere.Sherif Mansour wrote:...The main customer feedback we have received on this issue primarily revolves around the use case of customers who wish to protect their LDAP credentials, but aren't as concerned about session hijacking. Unfortunately, this is a misconception of the security provided by using HTTPS for login only. If the "remember me" functionality is used - it is possible that anyone can intercept network traffic (after login) and can decrypt the users credentials. This is due to the way that the "remember me" functionality works.
It is due to this and all the additional reasons around the support of HTTPS for login only that we will not be implementing this feature.
Perfect speed is being there.
Re: ToDo: Mercurial Repository
Try now. I've removed some optimizations that had Apache itself serving static fisheye content directly, which I think is where the Alias loop occurred. Now fisheye will serve everything FE related. Seemed to work smoothly from my end.JWPlatt wrote:I found Fisheye seemed to be dropping all CSS when I tried to view source through the JIRA menus.
_R
One of the OpenUru toolsmiths... a bookbinder.