On 04.09.2013 22:16, M.-A. Lemburg wrote: > On 03.09.2013 16:49, M.-A. Lemburg wrote: >> Since the HTTPS redirect are now mostly working (there are still some >> details to be worked out), I've removed the wiki banners about the >> attack and instead added a section to the front pages of the Python >> and Jython wikis. >> >> It's a good idea to change the passwords on the wikis now, since >> clear text passwords are just too easy to sniff at conferences. > > Update: The HTTPS config changes have now been put in place and > > HSTS is now also enabled for the wikis: > > http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security > > (allowing redirects to happen on the client side, if the browser > supports HSTS)
I've submitted an HSTS preload list entry request to Google for inclusion in their list: https://sites.google.com/a/chromium.org/dev/sts https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json Firefox bases its list on Google's, so hopefully wiki.python.org will end up there as well in a few weeks: http://blog.mozilla.org/security/2012/11/01/preloading-hsts/ https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Sep 04 2013) >>> Python Projects, Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ pydotorg-www mailing list pydotorg-www@python.org https://mail.python.org/mailman/listinfo/pydotorg-www
