OFBiz OFBiz - Dev

docs.ofbiz.org

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Tim Ruppert
Reply | Threaded
Open this post in threaded view
|

docs.ofbiz.org

Tim Ruppert
Just wondering if we can / should start using the https on docs.ofbiz.org?  I noticed that when you log in, it just goes back to http - and now that we have a valid cert, shouldn't we change this?

Let me know your thoughts.

Cheers,
Tim
--
Tim Ruppert
HotWax Media
http://www.hotwaxmedia.com

o:801.649.6594
f:801.649.6595
Ean Schuessler
Reply | Threaded
Open this post in threaded view
|

Re: docs.ofbiz.org

Ean Schuessler
Is the concern that someone would spoof the doc content?

----- "Tim Ruppert" wrote:
> Just wondering if we can / should start using the https on docs.ofbiz.org? I noticed that when you log in, it just goes back to http - and now that we have a valid cert, shouldn't we change this?
> Let me know your thoughts.

--
Ean Schuessler, CTO Brainfood.com
[hidden email] - http://www.brainfood.com - 214-720-0700 x 315
Jacques Le Roux
Reply | Threaded
Open this post in threaded view
|

Re: docs.ofbiz.org

Jacques Le Roux
Administrator
In reply to this post by Tim Ruppert
Using https can't hurt IMHO

Jacques

From: "Tim Ruppert" <[hidden email]>

> Just wondering if we can / should start using the https on docs.ofbiz.org?  I noticed that when you log in, it just goes back to
> http - and now that we have a valid cert, shouldn't we change this?
>
> Let me know your thoughts.
>
> Cheers,
> Tim
> --
> Tim Ruppert
> HotWax Media
> http://www.hotwaxmedia.com
>
> o:801.649.6594
> f:801.649.6595
>


David E Jones-3
Reply | Threaded
Open this post in threaded view
|

Re: docs.ofbiz.org

David E Jones-3
In reply to this post by Ean Schuessler

Without SSL it is certainly more vulnerable to things like session  
hijacking, but this is a fairly open site where any can read anything,  
and just writing is restricted in certain places.

I personally don't like the SSL idea a whole lot because it slows  
things down a lot (ie images/css/etc are not cached, etc), and I'm not  
sure if there are any "clear and present" dangers for this site...

-David


On Apr 16, 2009, at 11:07 AM, Ean Schuessler wrote:

> Is the concern that someone would spoof the doc content?
>
> ----- "Tim Ruppert" wrote:
>> Just wondering if we can / should start using the https on  
>> docs.ofbiz.org? I noticed that when you log in, it just goes back  
>> to http - and now that we have a valid cert, shouldn't we change  
>> this?
>> Let me know your thoughts.
>
> --
> Ean Schuessler, CTO Brainfood.com
> [hidden email] - http://www.brainfood.com - 214-720-0700 x 315

Tim Ruppert
Reply | Threaded
Open this post in threaded view
|

Re: docs.ofbiz.org

Tim Ruppert
In reply to this post by Ean Schuessler
No concern on spoofing - just wondering why it's all http instead of https - and now that we have a cert - let's go https.  Any objections let me know - but I'll likely roll this out today as well.

Cheers,
Tim
--
Tim Ruppert
HotWax Media
http://www.hotwaxmedia.com

o:801.649.6594
f:801.649.6595

----- "Ean Schuessler" <[hidden email]> wrote:

> Is the concern that someone would spoof the doc content?
>
> ----- "Tim Ruppert" wrote:
> > Just wondering if we can / should start using the https on
> docs.ofbiz.org? I noticed that when you log in, it just goes back to
> http - and now that we have a valid cert, shouldn't we change this?
> > Let me know your thoughts.
>
> --
> Ean Schuessler, CTO Brainfood.com
> [hidden email] - http://www.brainfood.com - 214-720-0700 x 315
Tim Ruppert
Reply | Threaded
Open this post in threaded view
|

Re: docs.ofbiz.org

Tim Ruppert
In reply to this post by David E Jones-3
My personal opinion is that I like to enter my password on all site with SSL - but hell I could be naive enough to think that might help :)  Anyways, I'm doing a bunch of OFBiz related things this morning - one of which is this unless I get some overwhelming response that echoes David's concerns.  Lemme know - I'll put it lower down in the queue for sure.

Cheers,
Tim
--
Tim Ruppert
HotWax Media
http://www.hotwaxmedia.com

o:801.649.6594
f:801.649.6595

----- "David E Jones" <[hidden email]> wrote:

> Without SSL it is certainly more vulnerable to things like session  
> hijacking, but this is a fairly open site where any can read anything,
>  
> and just writing is restricted in certain places.
>
> I personally don't like the SSL idea a whole lot because it slows  
> things down a lot (ie images/css/etc are not cached, etc), and I'm not
>  
> sure if there are any "clear and present" dangers for this site...
>
> -David
>
>
> On Apr 16, 2009, at 11:07 AM, Ean Schuessler wrote:
>
> > Is the concern that someone would spoof the doc content?
> >
> > ----- "Tim Ruppert" wrote:
> >> Just wondering if we can / should start using the https on  
> >> docs.ofbiz.org? I noticed that when you log in, it just goes back
>
> >> to http - and now that we have a valid cert, shouldn't we change  
> >> this?
> >> Let me know your thoughts.
> >
> > --
> > Ean Schuessler, CTO Brainfood.com
> > [hidden email] - http://www.brainfood.com - 214-720-0700 x 315
Malin Nicolas
Reply | Threaded
Open this post in threaded view
|

Re: docs.ofbiz.org

Malin Nicolas
In reply to this post by Tim Ruppert
Thanks Tim for this operation.

Tim Ruppert a écrit :

> No concern on spoofing - just wondering why it's all http instead of https - and now that we have a cert - let's go https.  Any objections let me know - but I'll likely roll this out today as well.
>
> Cheers,
> Tim
> --
> Tim Ruppert
> HotWax Media
> http://www.hotwaxmedia.com
>
> o:801.649.6594
> f:801.649.6595
>
> ----- "Ean Schuessler" <[hidden email]> wrote:
>
>  
>> Is the concern that someone would spoof the doc content?
>>
>> ----- "Tim Ruppert" wrote:
>>    
>>> Just wondering if we can / should start using the https on
>>>      
>> docs.ofbiz.org? I noticed that when you log in, it just goes back to
>> http - and now that we have a valid cert, shouldn't we change this?
>>    
>>> Let me know your thoughts.
>>>      
>> --
>> Ean Schuessler, CTO Brainfood.com
>> [hidden email] - http://www.brainfood.com - 214-720-0700 x 315
>>    
>
>  


--
Nicolas MALIN
Consultant
Tél : 06.17.66.40.06
Site projet : http://www.neogia.org/
-------
Société LibrenBerry
Tél : 02.48.02.56.12
Site : http://www.librenberry.net/
BJ Freeman
Reply | Threaded
Open this post in threaded view
|

Re: docs.ofbiz.org

BJ Freeman
In reply to this post by Tim Ruppert
I have a bunch of urls in my favorites I look up stuff.
so hopefully there will be a redirect to the https
that is my only concern.

Tim Ruppert sent the following on 4/17/2009 7:43 AM:

> No concern on spoofing - just wondering why it's all http instead of https - and now that we have a cert - let's go https.  Any objections let me know - but I'll likely roll this out today as well.
>
> Cheers,
> Tim
> --
> Tim Ruppert
> HotWax Media
> http://www.hotwaxmedia.com
>
> o:801.649.6594
> f:801.649.6595
>
> ----- "Ean Schuessler" <[hidden email]> wrote:
>
>> Is the concern that someone would spoof the doc content?
>>
>> ----- "Tim Ruppert" wrote:
>>> Just wondering if we can / should start using the https on
>> docs.ofbiz.org? I noticed that when you log in, it just goes back to
>> http - and now that we have a valid cert, shouldn't we change this?
>>> Let me know your thoughts.
>> --
>> Ean Schuessler, CTO Brainfood.com
>> [hidden email] - http://www.brainfood.com - 214-720-0700 x 315
>
>
Tim Ruppert
Reply | Threaded
Open this post in threaded view
|

Re: docs.ofbiz.org

Tim Ruppert
The https won't be an issue unless you're logged in. If you just got to it - it will be as open as it always was.  Just going to make it work like a regular website with HTTPS.

Cheers,
Tim
--
Tim Ruppert
HotWax Media
http://www.hotwaxmedia.com

o:801.649.6594
f:801.649.6595

----- "BJ Freeman" <[hidden email]> wrote:

> I have a bunch of urls in my favorites I look up stuff.
> so hopefully there will be a redirect to the https
> that is my only concern.
>
> Tim Ruppert sent the following on 4/17/2009 7:43 AM:
> > No concern on spoofing - just wondering why it's all http instead of
> https - and now that we have a cert - let's go https.  Any objections
> let me know - but I'll likely roll this out today as well.
> >
> > Cheers,
> > Tim
> > --
> > Tim Ruppert
> > HotWax Media
> > http://www.hotwaxmedia.com
> >
> > o:801.649.6594
> > f:801.649.6595
> >
> > ----- "Ean Schuessler" <[hidden email]> wrote:
> >
> >> Is the concern that someone would spoof the doc content?
> >>
> >> ----- "Tim Ruppert" wrote:
> >>> Just wondering if we can / should start using the https on
> >> docs.ofbiz.org? I noticed that when you log in, it just goes back
> to
> >> http - and now that we have a valid cert, shouldn't we change this?
>
> >>> Let me know your thoughts.
> >> --
> >> Ean Schuessler, CTO Brainfood.com
> >> [hidden email] - http://www.brainfood.com - 214-720-0700 x 315
> >
> >
Free forum by Nabble Edit this page