Opened 8 years ago

Closed 7 years ago

#3914 closed enhancement (fixed)

ssl for trac

Reported by: skyper Owned by: Tom Hughes
Priority: major Milestone:
Component: admin Version:
Keywords: Cc: skyper

Description

Please, provide ssl.

I do not like to browse and submit data unsecured.

Thanks a lot.

Change History (8)

comment:1 Changed 8 years ago by Tom Hughes

Resolution: wontfix
Status: newclosed

Please stick to one issue per ticket.

For the record, trac and www already use SSL for sensitive data so no changes are planned there.

If you wish to raise a new ticket for the wiki login to be put under SSL then please feel free to do so.

comment:2 in reply to:  1 Changed 8 years ago by skyper

Priority: criticalmajor
Resolution: wontfix
Status: closedreopened

Replying to TomH:

Please stick to one issue per ticket.

Then you and me would have to comment at least three tickets but if you prefere that. I thought this is one case for all.

For the record, trac and www already use SSL for sensitive data so no changes are planned there.

Yes, if you say that the password is the only sensitive data. The username is later transmitted from the server if you are logged in or did I get something wrong.

What I meant is a general possibility to use https instead of http at least at all "edit" pages but I would prefer it for all pages.

If you wish to raise a new ticket for the wiki login to be put under SSL then please feel free to do so.

Thanks, I did not notice that cause I trimmed script blocker.

I opened [ticket/#3919]

comment:3 Changed 8 years ago by Tom Hughes

There are very good reasons for not putting the whole of www under https - it would be very expensive from a CPU point of view.

If you think your username is "sensitive" then you are clearly confused, as it can be seen by anybody that wishes to browse your edits, diary entries etc and is included in every planet dump we publish.

comment:4 in reply to:  3 Changed 8 years ago by skyper

Replying to TomH:

There are very good reasons for not putting the whole of www under https - it would be very expensive from a CPU point of view.

Ok, how about trac and wiki ?

If you think your username is "sensitive" then you are clearly confused, as it can be seen by anybody that wishes to browse your edits, diary entries etc and is included in every planet dump we publish.

There is only a connection between the username and a IP while logged in or commiting data. Would be nice if at least this information is secure transmitted (I know the api has no ssl, too).

comment:5 Changed 8 years ago by skyper

Summary: ssl for trac, wiki and www.ssl for trac

Ooohps

The wiki is working with https.

I drop it for www but support for trac would be nice

comment:6 Changed 7 years ago by skyper

Resolution: fixed
Status: reopenedclosed

trac has ssl support for some time now.

There are solution with loopback proxies to cache internal and still transmit with ssl support. E.g. even for www it would be possible to offer ssl support.

comment:7 Changed 7 years ago by skyper

Resolution: fixed
Status: closedreopened

comment:8 Changed 7 years ago by Tom Hughes

Resolution: fixed
Status: reopenedclosed
Note: See TracTickets for help on using tickets.