This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ncc-services-wg@ripe.net/
[ncc-services-wg] [db-wg] Fwd: RIPE Database Release 1.72 - including SSO Integration
- Previous message (by thread): [ncc-services-wg] [db-wg] Fwd: RIPE Database Release 1.72 - including SSO Integration
- Next message (by thread): [ncc-services-wg] [db-wg] Fwd: RIPE Database Release 1.72 - including SSO Integration
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Agoston Horvath
agoston at ripe.net
Tue Mar 25 09:43:21 CET 2014
Dear colleagues, Let me clarify. Denis was referring to the web forms, that are also named 'syncupdates' and 'webupdates'. The actual syncupdates service did not change. Furthermore, the syncupdates and webupdates web forms were already enforcing https because of sensitive authentication data (e.g. passwords). The only change that happened yesterday was that now we also enforce https on the query form, so that the RIPE Access session token is secured. Sorry for the misunderstanding. Kind regards, Agoston Horvath Senior Software Engineer RIPE NCC On 03/24/2014 09:56 PM, Gert Doering wrote: > Hi, > > On Mon, Mar 24, 2014 at 02:27:39PM +0100, Denis Walker wrote: >> The RIPE Database release 1.72 has now been fully deployed to production. >> >> We would like to point out that, with this release, Webupdates and >> Syncupdates can only be accessed with HTTPS and not with HTTP. This is >> to conform to the requirements of using RIPE ACCESS now as an >> authentication method for updating the RIPE Database. Any update using >> HTTP will be automatically redirected to HTTPS. > > Uh, what? > > This does not *exactly* meet POLA, and that part of the change was not > announced as such - and as it's quite likely that this breaks someone's > syncupdate script (why would a syncupdate client be written to handle > http->https redirects if all it wants is a single POST?) this really should > have been announced before. > > ... and I'm less than convinced that wanting to have HTTPS *for RIPE > ACCESS* is a good reason to force it by surprise on everyone else. > > Gert Doering > -- NetMaster >
- Previous message (by thread): [ncc-services-wg] [db-wg] Fwd: RIPE Database Release 1.72 - including SSO Integration
- Next message (by thread): [ncc-services-wg] [db-wg] Fwd: RIPE Database Release 1.72 - including SSO Integration
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]