Previous Entry Share Next Entry
Heartbleed
querki
jducoeur wrote in querki_project
In case anyone is following the news and cares: yes, we know about the Heartbleed bug, and yes, we updated to fix it yesterday. Aaron keeps on top of this stuff...
Tags:

  • 1
...https://www.querki.net redirects back to http:. The login form doesn't submit via https, either.

Firefox, Mac OS, just now.

The redirect back is known and by design for the moment (we don't have sufficient infrastructure for full HTTPS yet). At the moment, only login is via HTTPS. Yes, that'll change in due course.

The login form issue -- this is from the index page? That's a dumb bug that I recently introduced we'll get fixed: thanks for pointing it out. (I recently added the login area to the front page, effectively deprecating the original login page, and neglected to communicate that properly to IT; mea culpa, and a lesson to me.)

But AFAIK the main upshot of that is that it just plain doesn't work. It's failing (correctly) for me, because it's trying to submit via HTTP, and should only be allowing HTTPS. I *believe* that successful login currently requires the original login page...

Now properly fixed. Thanks for pointing it out...

Yup. updated my servers yesterday. Still talking to the central network guys about getting a new cert, but at least passwords are handled through another system.

  • 1
?

Log in

No account? Create an account