Infra is the place to ask for ASF certificates (don't know if there are
some possibilities).
In the meantime, we can issue a self-signed certificate. The browser
will indicated that the certificate is not valid and user will be free
to accept or reject the encrypted connection (we can also mention that
in the nice home page).
Eric
On 05/03/2012 11:15 AM, Manuel Carrasco Moñino wrote:
Yep, enabling ssl in jetty server is the easiest way, I did not because we
need a valid ssl certificate for the server.
Do you know if ASF provides certificates for servers?
I'll configure jetty to listen in 443 with a non trust certificate and I'll
write a banner about the issue.
Communication between our server and gmail is encrypted though
- Manolo
On Thu, May 3, 2012 at 11:07 AM, Ioan Eugen Stan<stan.ieu...@gmail.com>wrote:
Pe 03.05.2012 11:51, Eric Charles a scris:
On 05/03/2012 10:44 AM, Eric Charles wrote:
On 05/03/2012 10:38 AM, Ioan Eugen Stan wrote:
Pe 03.05.2012 11:13, Eric Charles a scris:
Hi Manolo,
Demo also works for me :)
Well done!
Eric
Also works for me. Looks great. My Gmail account loads kind of slow. By
the way, how are credentials passed through the network? I hope they
don't pass nu-encripted.
they do, this is why I only tested with the 'demo', not the gmail.
See what firebug says after posting username_test/password_test
7|0|8|http://james.zones.**apache.org/hupa.gmail/hupa/|**
34B97BC5A839DB00A78894501B928D**96|net.customware.gwt.**
dispatch.client.standard.**StandardDispatchService|**
execute|net.customware.gwt.**dispatch.shared.Action|org.**
apache.hupa.shared.rpc.**LoginUser/2770786810|password_**
test|username_test|1|2|3|4|1|**5|6|7|8|<http://james.zones.apache.org/hupa.gmail/hupa/%7C34B97BC5A839DB00A78894501B928D96%7Cnet.customware.gwt.dispatch.client.standard.StandardDispatchService%7Cexecute%7Cnet.customware.gwt.dispatch.shared.Action%7Corg.apache.hupa.shared.rpc.LoginUser/2770786810%7Cpassword_test%7Cusername_test%7C1%7C2%7C3%7C4%7C1%7C5%7C6%7C7%7C8%7C>
:) it means my account may be compromised. We should do something about
this. In order of preference: make Hupa delegate to GMail authentication /
put some ssl / remove it / put a BIG banner on this warning people.
Manolo, do you have time to put some ssl?
An easy think to do would be to run anonymous SSL to encrypt the traffic.
There are plenty of options to further secure, the important stuff is
that we have with hupa a ground-basis to build on.
Eric
On 05/02/2012 11:19 PM, Manuel Carrasco Moñino wrote:
Hi all
I have updated Hupa site [1] which was very outdated.
Also I've fixed many bugs in hupa, improved styling, etc [2], and I've
deployed two instances [3] in order that everyone can test and play
with
it.
I'm thinking on releasing this version (0.2), so as it was the last
snapshot before adding the new improvements panned to be part of
hupa af
the end of the GSOC period.
Please, check out the demos and give feedback.
- Manolo
[1] http://james.apache.org/hupa
[2]
http://svn.apache.org/viewvc?**view=revision&revision=1333089<http://svn.apache.org/viewvc?view=revision&revision=1333089>
[3]
http://james.zones.apache.org/**index.html<http://james.zones.apache.org/index.html>
--
Ioan Eugen Stan
http://ieugen.blogspot.com
------------------------------**------------------------------**---------
To unsubscribe, e-mail:
server-dev-unsubscribe@james.**apache.org<server-dev-unsubscr...@james.apache.org>
For additional commands, e-mail:
server-dev-help@james.apache.**org<server-dev-h...@james.apache.org>
--
eric | http://about.echarles.net | @echarles
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org
