Re: HTTPS access to Bugzilla?

From: Derek Atkins <warlord MIT EDU>
To: Luis Villa <louie ximian com>
Cc: bugsquad <gnome-bugsquad gnome org>
Subject: Re: HTTPS access to Bugzilla?
Date: 21 Jul 2002 10:40:41 -0400

Well, I dont use a valued password, but the threat-model I have
is a shared network where using HTTPS for the whole session would
protect me (regardless of the actual security of Bugzilla).

Just running a "parallel" bugzilla on https://bugzilla.gnome.org
would solve my particular problem.  Is there any way to add mod_ssl
to the apache running there?  Using a self-signed cert would be
sufficient.  I can even help you set it up if you want.

Thanks,

-derek

Luis Villa <louie ximian com> writes:

> For a variety of reasons, Bugzilla is badly insecure. You should not be
> using a valued password in it, whether or not we offered https on the
> login page. I suppose this should probably be mentioned on the password
> creation page.
> Luis
> 
> On Tue, 2002-07-16 at 05:03, Derek Atkins wrote:
> > Hi,
> > 
> > I'm in a location where I do not trust my network access, and I do not
> > want to type my Bugzilla username/password over the network in the
> > clear.  How hard would it be for you guys to add an HTTPS service for
> > bugzilla?  Even a self-signed server cert would be better than
> > nothing.  If nothing else, using HTTPS for user-login would go a long
> > way if you don't want to allow protection of all bug-tracking
> > transactions.
> > 
> > Thanks,
> > 
> > -derek
> > -- 
> >        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> >        Member, MIT Student Information Processing Board  (SIPB)
> >        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
> >        warlord MIT EDU                        PGP key available
> > _______________________________________________
> > Gnome-bugsquad mailing list
> > Gnome-bugsquad gnome org
> > http://mail.gnome.org/mailman/listinfo/gnome-bugsquad
> > 
> 

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord MIT EDU                        PGP key available

Follow-Ups:
- Re: HTTPS access to Bugzilla?
  - From: Luis Villa

References:
- HTTPS access to Bugzilla?
  - From: Derek Atkins
- Re: HTTPS access to Bugzilla?
  - From: Luis Villa

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]