[Dune-devel] HTTPS for authenticated Git

Oliver Sander sander at igpm.rwth-aachen.de
Wed Aug 14 12:28:39 CEST 2013


Hi Steffen,
I don't think that the hassle involved is very big.
Best,
Oliver

On 14.08.2013 12:15, Steffen Müthing wrote:
> Hi everybody,
>
> as I've posted over on the general list, we now have Git (and everything else) over HTTPS without annoying warnings
> saying "This website will make your computer explode!".
>
> Now the question is: Do we make it mandatory for those parts that require a login? For Flyspray, we would have to
> completely switch to HTTPS because it uses form- and cookie-based authentication. I'd say go ahead on that one.
>
> For Git, the situation is slightly different. In that case, the easiest setup would be to flat out reject any authenticated
> access over unencrypted HTTP and serve a 403 forbidden response. That would force every developer to manually
> adjust their remote URLs in the repository configs. I really don't care either way on that one - it improves security, but
> is a (one-time) hassle for all developers. Opinions?
>
> Best,
>
> Steffen
>
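
The one-time adjustment of remote URLs mentioned in the quoted proposal can be scripted per clone. The following is an added example, not part of the original thread or of the Dune project's tooling; the host name `git.example.org`, the script name and the function names `to_https` and `migrate_remotes` are assumptions.

```shell
#!/bin/sh
# Added example: switch a clone's remotes from http:// to https:// for one host.
# HOST is a placeholder (assumption); set it to the project's Git server.
HOST="${HOST:-git.example.org}"

# Print the https:// form of $1 if it is an http:// URL whose host is exactly
# $HOST (a user@ prefix is kept). Anything else, including URLs with an explicit
# port that needs manual review, is printed unchanged.
to_https() {
    url=$1
    case "$url" in
        http://*) ;;
        *) printf '%s\n' "$url"; return 0 ;;
    esac
    rest=${url#http://}
    authority=${rest%%/*}        # user@host:port, without the path
    hostport=${authority##*@}    # drop any userinfo
    case "$hostport" in
        *:*) printf '%s\n' "$url"; return 0 ;;
    esac
    if [ "$hostport" = "$HOST" ]; then
        printf 'https://%s\n' "$rest"
    else
        printf '%s\n' "$url"
    fi
}

# Rewrite the fetch URL, and the push URL where one is set separately, of every
# remote in the clone at $1. Prints one line per rewritten URL.
migrate_remotes() {
    repo=$1
    git -C "$repo" remote | while read -r name; do
        for key in url pushurl; do
            old=$(git -C "$repo" config --get "remote.$name.$key") || continue
            new=$(to_https "$old")
            [ "$new" = "$old" ] && continue
            git -C "$repo" config "remote.$name.$key" "$new"
            printf '%s (%s): %s -> %s\n' "$name" "$key" "$old" "$new"
        done
    done
}

# Usage: sh migrate-remotes.sh /path/to/clone
[ "$#" -eq 0 ] || migrate_remotes "$1"
```

The host comparison is done on the URL's authority part only, so a URL on another server that merely contains the host name in its path is left alone.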