[pydotorg-www] [Infrastructure] Removed wiki attack banners

M.-A. Lemburg mal at egenix.com
Thu Sep 5 18:06:13 CEST 2013


On 04.09.2013 22:26, M.-A. Lemburg wrote:
> On 04.09.2013 22:16, M.-A. Lemburg wrote:
>> On 03.09.2013 16:49, M.-A. Lemburg wrote:
>>> Since the HTTPS redirects are now mostly working (there are still some
>>> details to be worked out), I've removed the wiki banners about the
>>> attack and instead added a section to the front pages of the Python
>>> and Jython wikis.
>>>
>>> It's a good idea to change the passwords on the wikis now, since
>>> clear text passwords are just too easy to sniff at conferences.
>>
>> Update: The HTTPS config changes have now been put in place and
>> HSTS is now also enabled for the wikis:
>>
>> http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
>>
>> (allowing redirects to happen on the client side, if the browser
>> supports HSTS)
> 
> I've submitted an HSTS preload list entry request to Google for
> inclusion in their list:
> 
> https://sites.google.com/a/chromium.org/dev/sts
> https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json
> 
> Firefox bases its list on Google's, so hopefully wiki.python.org
> will end up there as well in a few weeks:
> 
> http://blog.mozilla.org/security/2012/11/01/preloading-hsts/
> https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List

This is added now:

http://src.chromium.org/viewvc/chrome?revision=221431&view=revision

It'll appear in Chrome after the usual product development
cycles. Not sure how often Mozilla updates their list.

Donald: You might want to add pypi.python.org to the HSTS
list as well.

-- 
Marc-Andre Lemburg
eGenix.com
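
Added example, not part of the original message or of python.org's configuration: a check of the two measures described in this thread, the HTTP-to-HTTPS redirect and the HSTS header, with the header parsed according to RFC 6797. The function names and the sample responses (host wiki.example.org) are constructed for illustration.

```python
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns the policy as a dict, or None if a browser would ignore the header."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip()  # names are case-insensitive
        if not name:
            continue                                   # empty directives are allowed
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]                            # value given as a quoted-string
        if name in directives:
            return None                                # repeated directive: header invalid
        directives[name] = arg
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                                    # max-age is required, digits only
    return {"max_age": int(directives["max-age"]),
            "include_subdomains": "includesubdomains" in directives,
            "preload": "preload" in directives}        # not in the RFC; a preload-list token

def audit(scheme, status, headers):
    """Return findings for one response; header names are expected in lower case."""
    findings = []
    sts = headers.get("strict-transport-security")
    if scheme == "http":
        target = headers.get("location", "").lower()
        if status not in (301, 302, 307, 308) or not target.startswith("https://"):
            findings.append("plain HTTP is served without a redirect to HTTPS")
        if sts is not None:
            findings.append("HSTS header on plain HTTP is ignored by browsers")
        return findings
    policy = parse_hsts(sts) if sts is not None else None
    if sts is None:
        findings.append("HTTPS response carries no HSTS header")
    elif policy is None:
        findings.append("HSTS header is malformed and will be ignored")
    elif policy["max_age"] == 0:
        findings.append("max-age=0 tells the browser to drop the HSTS policy")
    return findings

# Constructed sample responses (scheme, status, headers), not captured traffic.
SAMPLES = [
    ("http", 301, {"location": "https://wiki.example.org/"}),
    ("https", 200, {"strict-transport-security": "max-age=31536000; includeSubDomains"}),
    ("http", 200, {"strict-transport-security": "max-age=31536000"}),
    ("https", 200, {"strict-transport-security": "max-age=600; MAX-AGE=900"}),
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], sample[1], audit(*sample) or "ok")
```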
