[Ohrrpgce] Can't log in to wiki over HTTP

James Paige Bob at hamsterrepublic.com
Thu Sep 17 09:42:33 PDT 2020 

How did you set it up, and how do you keep it updated? Maybe I just need to
mimic your config :)

On Thu, Sep 17, 2020, 12:09 PM Adam Perry <arperry at gmail.com> wrote:

> Do you want to use the Slime Salad wiki? I'm not sure there's anything on
> it worth keeping at this point.
>
> On Thu, Sep 17, 2020 at 9:50 AM James Paige <Bob at hamsterrepublic.com>
> wrote:
>
>> I turned on https:// redirect for the whole site. Seems to be working
>> fine.
>>
>> I tried the local upgrade process, and no luck. The git repo metadata is
>> hopelessly corrupted.
>>
>> I won't get that solved today :P
>>
>> I'll probably have to set up a whole new mediawiki instance, make sure it
>> has all the plugins we need, port over the anti-spam hacks, and then
>> restore a database backup into it. Arg. That ain't happening today :(
>>
>> Anybody know a fully managed mediawiki hosting site? Doesn't have to be a
>> free one.
>>
>> ---
>> James Paige
>>
>>
>>
>> On Thu, Sep 17, 2020 at 10:08 AM James Paige <Bob at hamsterrepublic.com>
>> wrote:
>>
>>> I would be happy to disable http completely, and always redirect http to
>>> https.
>>>
>>> People who have an OS so old that it can't support https are welcome to
>>> open a web browser on a separate device.
>>>
>>> I don't actually know how to do this just for the login page. I think I
>>> remember an option in the dreamhost config panel to do this for the whole
>>> site, but I would have to hunt for it.
>>>
>>> A *MUCH* bigger security concern is that I can't upgrade Mediawiki
>>> anymore. It has been years since running "git pull" on a large repo in a
>>> shell script on a dreamhost shared account was a viable option.
>>>
>>> I had a clunky workaround where I would rsync the whole thing locally,
>>> upgrade it, rsync it back up to dreamhost, and then run the last stage of
>>> the upgrade.
>>>
>>> I am always terrified that I will break the whole thing every time I do
>>> that, but maybe I will give it a try today since I happen to be on a
>>> vacation day and have time.
>>>
>>> I would really like to move the whole wiki to a place where the upgrades
>>> were automatically managed for me. I haven't had time to look into that (in
>>> years)
>>>
>>> On Thu, Sep 17, 2020 at 9:57 AM Adam Perry <arperry at gmail.com> wrote:
>>>
>>>> It is not a good idea to have an HTTP login page. Your credentials are
>>>> sent in plain text when you log in via HTTP.
>>>>
>>>> I realize that the OHR wiki isn't the most high-profile target for
>>>> hackers, but it's still a bad idea. We don't need to allow wiki editing to
>>>> everyone able to use the engine if it means compromising security.
>>>>
>>>>
>>>> On Wed, Sep 16, 2020, 8:45 PM Ralph Versteegen <teeemcee at gmail.com>
>>>> wrote:
>>>>
>>>>> Holly reported, and I can confirm, that you can't log into the wiki,
>>>>> or create an account, when accessing it over HTTP instead of HTTPS. (I
>>>>> think I remember seeing this already quite a while ago.) You get the
>>>>> following message:
>>>>>
>>>>> "There seems to be a problem with your login session; this action has
>>>>> been canceled as a precaution against session hijacking. Please resubmit
>>>>> the form."
>>>>>
>>>>> It is nice to be able to access the wiki via HTTP, since HTTPS is
>>>>> inaccessible from ancient OSes such as some of those we support. If the
>>>>> login page could redirect from HTTP to HTTPS...
>>>>>
>>>>> Hmm, maybe I should file such things on github instead...
>>>>> _______________________________________________
>>>>> Ohrrpgce mailing list
>>>>> ohrrpgce at lists.motherhamster.org
>>>>> http://lists.motherhamster.org/listinfo.cgi/ohrrpgce-motherhamster.org
>>>>>
>>>> _______________________________________________
>>>> Ohrrpgce mailing list
>>>> ohrrpgce at lists.motherhamster.org
>>>> http://lists.motherhamster.org/listinfo.cgi/ohrrpgce-motherhamster.org
>>>>
>>> _______________________________________________
>> Ohrrpgce mailing list
>> ohrrpgce at lists.motherhamster.org
>> http://lists.motherhamster.org/listinfo.cgi/ohrrpgce-motherhamster.org
>>
> _______________________________________________
> Ohrrpgce mailing list
> ohrrpgce at lists.motherhamster.org
> http://lists.motherhamster.org/listinfo.cgi/ohrrpgce-motherhamster.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.motherhamster.org/pipermail/ohrrpgce-motherhamster.org/attachments/20200917/a22fe9d7/attachment.html>

More information about the Ohrrpgce mailing list