Hi all, I agree with Taher, we should simply remove non-SSL access. The world is rapidly moving to SSL only.
It is now close to essential that passwords should be encrypted in transit for a serious system like OFBiz. Cheers Paul Foxworthy On 14 March 2017 at 07:18, Michael Brohl <michael.br...@ecomify.de> wrote: > Unfortunately I have not the time to dig deeper into this but I've got a > bad feeling about this and similar threads we had lately. > > Ports 8080 and 8443 are used for a long time without problems and it's a > common production setting if you run OFBiz behind a webserver connected > through AJP. I don't see any reason why we should not use port 8080 in > OFBiz, even it is getting more common to have everything on https. > > Even if this work is done in trunk, which is regarded as unstable, we > should take more care to commit consistent and working code instead of > using trunk as a playground and dumping place for unfinished work. > > I'm in favor to better not commit and wait until everything works as > expected instead of beginning work, committing and then leave it as is > because there is "no time to look at it right now". We can always use > branches for this kind of work. > > My apologies if I got this wrong but I feel uneasy with this approach. > > Best regards, > > Michael > > > Am 13.03.17 um 16:55 schrieb Taher Alkhateeb: > > I faced this issue again while trying some tests today, and I read your >> comments which refer to this as "not a bug". >> >> So my question is: if we should not use 8080 as the port, why is it >> enabled >> in the first place in OFBiz? why not disable it completely instead of >> confusing people. >> >> On Fri, Mar 3, 2017 at 10:49 PM, Taher Alkhateeb < >> slidingfilame...@gmail.com >> >>> wrote: >>> Okay so it seems this issue was introduced by your work based on what I >>> read in jira. I don't think you should apply code changes that cause >>> regressions like this one. >>> >>> On Mar 3, 2017 4:40 PM, "Jacques Le Roux" <jacques.le.r...@les7arts.com> >>> wrote: >>> >>> Le 02/03/2017 à 17:12, Jacques Le Roux a écrit : >>>> >>>> Le 02/03/2017 à 15:52, Taher Alkhateeb a écrit : >>>>> >>>>> I'm not sure who committed what, but now the automatic redirection from >>>>>> 8080 to 8443 ssl is broken. Jacques is this related to your work on >>>>>> port >>>>>> offset stuff? >>>>>> >>>>>> This is only with localhost, right? >>>>>> >>>>> If it's the case, I guess it's related to OFBIZ-9206 but I have no time >>>>> to look at it right now >>>>> >>>>> Jacques >>>>> >>>>> >>>>> See my comments at OFBIZ-9242 >>>>> >>>> Jacques >>>> >>>> >>>> > > -- Coherent Software Australia Pty Ltd PO Box 2773 Cheltenham Vic 3192 Australia Phone: +61 3 9585 6788 Web: http://www.coherentsoftware.com.au/ Email: i...@coherentsoftware.com.au
