[JIRA] (OVIRT-2140) enforce SSL on resources.ovirt.org
by Marc Dequènes (Duck) (oVirt JIRA)
[ https://ovirt-jira.atlassian.net/browse/OVIRT-2140?page=com.atlassian.jir... ]
Marc Dequènes (Duck) commented on OVIRT-2140:
---------------------------------------------
[~accountid:557058:2dee8503-051b-4630-8a75-2c544524dce8] with the above security concerns then YES we need to do it and infosec just came at my door to ask for the progress, so we’d better prioritize this task before one day we’re told to shutdown the service altogether.
> enforce SSL on resources.ovirt.org
> ----------------------------------
>
> Key: OVIRT-2140
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2140
> Project: oVirt - virtualization made easy
> Issue Type: Improvement
> Reporter: Evgheni Dereveanchin
> Assignee: infra
>
> SSL was enabled on Resources with OVIRT-1472, this ticket is to transform the non-SSL virtual hosts into redirects to the SSL version
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100108)
5 years, 3 months
[JIRA] (OVIRT-2140) enforce SSL on resources.ovirt.org
by Marc Dequènes (Duck) (oVirt JIRA)
[ https://ovirt-jira.atlassian.net/browse/OVIRT-2140?page=com.atlassian.jir... ]
Marc Dequènes (Duck) commented on OVIRT-2140:
---------------------------------------------
[~accountid:557058:caa507e4-2696-4f45-8da5-d2585a4bb794] signed packages on HTTP are not safe because old releases are also valid thus it’s possible to do replay attacks by providing older and security buggy packages. it’s better but not sufficient.
> enforce SSL on resources.ovirt.org
> ----------------------------------
>
> Key: OVIRT-2140
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2140
> Project: oVirt - virtualization made easy
> Issue Type: Improvement
> Reporter: Evgheni Dereveanchin
> Assignee: infra
>
> SSL was enabled on Resources with OVIRT-1472, this ticket is to transform the non-SSL virtual hosts into redirects to the SSL version
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100108)
5 years, 3 months