Skip to content
This repository has been archived by the owner. It is now read-only.

ssl for trac #3914

Closed
openstreetmap-trac opened this issue Jul 23, 2021 · 6 comments
Closed

ssl for trac #3914

openstreetmap-trac opened this issue Jul 23, 2021 · 6 comments

Comments

@openstreetmap-trac
Copy link

@openstreetmap-trac openstreetmap-trac commented Jul 23, 2021

Reporter: skyper
[Submitted to the original trac issue database at 12.40pm, Tuesday, 19th July 2011]

Please, provide ssl.

I do not like to browse and submit data unsecured.

Thanks a lot.

@openstreetmap-trac
Copy link
Author

@openstreetmap-trac openstreetmap-trac commented Jul 23, 2021

Author: TomH
[Added to the original trac issue at 1.15pm, Tuesday, 19th July 2011]

Please stick to one issue per ticket.

For the record, trac and www already use SSL for sensitive data so no changes are planned there.

If you wish to raise a new ticket for the wiki login to be put under SSL then please feel free to do so.

@openstreetmap-trac
Copy link
Author

@openstreetmap-trac openstreetmap-trac commented Jul 23, 2021

Author: skyper
[Added to the original trac issue at 3.47pm, Wednesday, 20th July 2011]

Replying to [comment:1 TomH]:

Please stick to one issue per ticket.

Then you and me would have to comment at least three tickets but if you prefere that. I thought this is one case for all.

For the record, trac and www already use SSL for sensitive data so no changes are planned there.

Yes, if you say that the password is the only sensitive data. The username is later transmitted from the server if you are logged in or did I get something wrong.

What I meant is a general possibility to use https instead of http at least at all "edit" pages but I would prefer it for all pages.

If you wish to raise a new ticket for the wiki login to be put under SSL then please feel free to do so.

Thanks, I did not notice that cause I trimmed script blocker.

I opened [ticket/#3919]

@openstreetmap-trac
Copy link
Author

@openstreetmap-trac openstreetmap-trac commented Jul 23, 2021

Author: TomH
[Added to the original trac issue at 3.51pm, Wednesday, 20th July 2011]

There are very good reasons for not putting the whole of www under https - it would be very expensive from a CPU point of view.

If you think your username is "sensitive" then you are clearly confused, as it can be seen by anybody that wishes to browse your edits, diary entries etc and is included in every planet dump we publish.

@openstreetmap-trac
Copy link
Author

@openstreetmap-trac openstreetmap-trac commented Jul 23, 2021

Author: skyper
[Added to the original trac issue at 5.26pm, Wednesday, 20th July 2011]

Replying to [comment:3 TomH]:

There are very good reasons for not putting the whole of www under https - it would be very expensive from a CPU point of view.

Ok, how about trac and wiki ?

If you think your username is "sensitive" then you are clearly confused, as it can be seen by anybody that wishes to browse your edits, diary entries etc and is included in every planet dump we publish.

There is only a connection between the username and a IP while logged in or commiting data. Would be nice if at least this information is secure transmitted (I know the api has no ssl, too).

@openstreetmap-trac
Copy link
Author

@openstreetmap-trac openstreetmap-trac commented Jul 23, 2021

Author: skyper
[Added to the original trac issue at 9.52pm, Wednesday, 20th July 2011]

Ooohps

The wiki is working with https.

I drop it for www but support for trac would be nice

@openstreetmap-trac
Copy link
Author

@openstreetmap-trac openstreetmap-trac commented Jul 23, 2021

Author: skyper
[Added to the original trac issue at 5.34am, Monday, 13th August 2012]

trac has ssl support for some time now.

There are solution with loopback proxies to cache internal and still transmit with ssl support. E.g. even for www it would be possible to offer ssl support.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant