[Ohrrpgce] Can't log in to wiki over HTTP

Adam Perry arperry at gmail.com
Thu Sep 17 09:56:31 PDT 2020 

I set it up with the Dreamhost one-click. There's an updater script that I
could run, but I think I've only done so once.

I seem to remember you're on Dreamhost as well. If you're having difficulty
upgrading, you may have an easier time adding a fresh install to your host
and transferring the contents.

On Thu, Sep 17, 2020 at 11:42 AM James Paige <Bob at hamsterrepublic.com>
wrote:

> How did you set it up, and how do you keep it updated? Maybe I just need
> to mimic your config :)
>
> On Thu, Sep 17, 2020, 12:09 PM Adam Perry <arperry at gmail.com> wrote:
>
>> Do you want to use the Slime Salad wiki? I'm not sure there's anything on
>> it worth keeping at this point.
>>
>> On Thu, Sep 17, 2020 at 9:50 AM James Paige <Bob at hamsterrepublic.com>
>> wrote:
>>
>>> I turned on https:// redirect for the whole site. Seems to be working
>>> fine.
>>>
>>> I tried the local upgrade process, and no luck. The git repo metadata is
>>> hopelessly corrupted.
>>>
>>> I won't get that solved today :P
>>>
>>> I'll probably have to set up a whole new mediawiki instance, make sure
>>> it has all the plugins we need, port over the anti-spam hacks, and then
>>> restore a database backup into it. Arg. That ain't happening today :(
>>>
>>> Anybody know a fully managed mediawiki hosting site? Doesn't have to be
>>> a free one.
>>>
>>> ---
>>> James Paige
>>>
>>>
>>>
>>> On Thu, Sep 17, 2020 at 10:08 AM James Paige <Bob at hamsterrepublic.com>
>>> wrote:
>>>
>>>> I would be happy to disable http completely, and always redirect http
>>>> to https.
>>>>
>>>> People who have an OS so old that it can't support https are welcome to
>>>> open a web browser on a separate device.
>>>>
>>>> I don't actually know how to do this just for the login page. I think I
>>>> remember an option in the dreamhost config panel to do this for the whole
>>>> site, but I would have to hunt for it.
>>>>
>>>> A *MUCH* bigger security concern is that I can't upgrade Mediawiki
>>>> anymore. It has been years since running "git pull" on a large repo in a
>>>> shell script on a dreamhost shared account was a viable option.
>>>>
>>>> I had a clunky workaround where I would rsync the whole thing locally,
>>>> upgrade it, rsync it back up to dreamhost, and then run the last stage of
>>>> the upgrade.
>>>>
>>>> I am always terrified that I will break the whole thing every time I do
>>>> that, but maybe I will give it a try today since I happen to be on a
>>>> vacation day and have time.
>>>>
>>>> I would really like to move the whole wiki to a place where the
>>>> upgrades were automatically managed for me. I haven't had time to look into
>>>> that (in years)
>>>>
>>>> On Thu, Sep 17, 2020 at 9:57 AM Adam Perry <arperry at gmail.com> wrote:
>>>>
>>>>> It is not a good idea to have an HTTP login page. Your credentials are
>>>>> sent in plain text when you log in via HTTP.
>>>>>
>>>>> I realize that the OHR wiki isn't the most high-profile target for
>>>>> hackers, but it's still a bad idea. We don't need to allow wiki editing to
>>>>> everyone able to use the engine if it means compromising security.
>>>>>
>>>>>
>>>>> On Wed, Sep 16, 2020, 8:45 PM Ralph Versteegen <teeemcee at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Holly reported, and I can confirm, that you can't log into the wiki,
>>>>>> or create an account, when accessing it over HTTP instead of HTTPS. (I
>>>>>> think I remember seeing this already quite a while ago.) You get the
>>>>>> following message:
>>>>>>
>>>>>> "There seems to be a problem with your login session; this action has
>>>>>> been canceled as a precaution against session hijacking. Please resubmit
>>>>>> the form."
>>>>>>
>>>>>> It is nice to be able to access the wiki via HTTP, since HTTPS is
>>>>>> inaccessible from ancient OSes such as some of those we support. If the
>>>>>> login page could redirect from HTTP to HTTPS...
>>>>>>
>>>>>> Hmm, maybe I should file such things on github instead...
>>>>>> _______________________________________________
>>>>>> Ohrrpgce mailing list
>>>>>> ohrrpgce at lists.motherhamster.org
>>>>>> http://lists.motherhamster.org/listinfo.cgi/ohrrpgce-motherhamster.org
>>>>>>
>>>>> _______________________________________________
>>>>> Ohrrpgce mailing list
>>>>> ohrrpgce at lists.motherhamster.org
>>>>> http://lists.motherhamster.org/listinfo.cgi/ohrrpgce-motherhamster.org
>>>>>
>>>> _______________________________________________
>>> Ohrrpgce mailing list
>>> ohrrpgce at lists.motherhamster.org
>>> http://lists.motherhamster.org/listinfo.cgi/ohrrpgce-motherhamster.org
>>>
>> _______________________________________________
>> Ohrrpgce mailing list
>> ohrrpgce at lists.motherhamster.org
>> http://lists.motherhamster.org/listinfo.cgi/ohrrpgce-motherhamster.org
>>
> _______________________________________________
> Ohrrpgce mailing list
> ohrrpgce at lists.motherhamster.org
> http://lists.motherhamster.org/listinfo.cgi/ohrrpgce-motherhamster.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.motherhamster.org/pipermail/ohrrpgce-motherhamster.org/attachments/20200917/0befea05/attachment-0001.html>

More information about the Ohrrpgce mailing list