[pydotorg-www] Removed wiki attack banners
M.-A. Lemburg
mal at egenix.com
Wed Sep 4 22:26:51 CEST 2013
On 04.09.2013 22:16, M.-A. Lemburg wrote:
> On 03.09.2013 16:49, M.-A. Lemburg wrote:
>> Since the HTTPS redirects are now mostly working (there are still some
>> details to be worked out), I've removed the wiki banners about the
>> attack and instead added a section to the front pages of the Python
>> and Jython wikis.
>>
>> It's a good idea to change the passwords on the wikis now, since
>> clear text passwords are just too easy to sniff at conferences.
>
> Update: The HTTPS config changes have now been put in place and
> HSTS is now also enabled for the wikis:
>
> http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
>
> (allowing redirects to happen on the client side, if the browser
> supports HSTS)
I've submitted an HSTS preload list entry request to Google for
inclusion in their list:
https://sites.google.com/a/chromium.org/dev/sts
https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json
Firefox bases its list on Google's, so hopefully wiki.python.org
will end up there as well in a few weeks:
http://blog.mozilla.org/security/2012/11/01/preloading-hsts/
https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
--
Marc-Andre Lemburg
eGenix.com
Professional Python Services directly from the Source (#1, Sep 04 2013)
>>> Python Projects, Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________
::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/