Re: HTTPS access to Bugzilla?

From: Luis Villa <louie ximian com>
To: Derek Atkins <warlord MIT EDU>
Cc: bugsquad <gnome-bugsquad gnome org>
Subject: Re: HTTPS access to Bugzilla?
Date: 21 Jul 2002 11:25:29 -0400

On Sun, 2002-07-21 at 10:40, Derek Atkins wrote:
> Well, I dont use a valued password, but the threat-model I have
> is a shared network where using HTTPS for the whole session would
> protect me (regardless of the actual security of Bugzilla).
> 
> Just running a "parallel" bugzilla on https://bugzilla.gnome.org
> would solve my particular problem.  Is there any way to add mod_ssl
> to the apache running there?  Using a self-signed cert would be
> sufficient.  I can even help you set it up if you want.

I'm afraid I really don't understand what this additional administrative
overhead for us buys anyone, including you.
Luis
 
> Luis Villa <louie ximian com> writes:
> 
> > For a variety of reasons, Bugzilla is badly insecure. You should not be
> > using a valued password in it, whether or not we offered https on the
> > login page. I suppose this should probably be mentioned on the password
> > creation page.
> > Luis
> > 
> > On Tue, 2002-07-16 at 05:03, Derek Atkins wrote:
> > > Hi,
> > > 
> > > I'm in a location where I do not trust my network access, and I do not
> > > want to type my Bugzilla username/password over the network in the
> > > clear.  How hard would it be for you guys to add an HTTPS service for
> > > bugzilla?  Even a self-signed server cert would be better than
> > > nothing.  If nothing else, using HTTPS for user-login would go a long
> > > way if you don't want to allow protection of all bug-tracking
> > > transactions.
> > > 
> > > Thanks,
> > > 
> > > -derek
> > > -- 
> > >        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> > >        Member, MIT Student Information Processing Board  (SIPB)
> > >        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
> > >        warlord MIT EDU                        PGP key available
> > > _______________________________________________
> > > Gnome-bugsquad mailing list
> > > Gnome-bugsquad gnome org
> > > http://mail.gnome.org/mailman/listinfo/gnome-bugsquad
> > > 
> > 
> 
> -- 
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord MIT EDU                        PGP key available
>

Follow-Ups:
- Re: HTTPS access to Bugzilla?
  - From: Derek Atkins

References:
- HTTPS access to Bugzilla?
  - From: Derek Atkins
- Re: HTTPS access to Bugzilla?
  - From: Luis Villa
- Re: HTTPS access to Bugzilla?
  - From: Derek Atkins

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]