[Ohrrpgce] Can't log in to wiki over HTTP

Adam Perry arperry at gmail.com
Thu Sep 17 11:03:40 PDT 2020 

Hmm, now that you mention it, it looks like the control panel now only
supports one-click for Wordpress. I haven't tried that in over a year, so I
don't know when it changed.

You ought to be able to manually install
<https://www.mediawiki.org/wiki/Manual:Installation_guide> MediaWiki,
though, even without sudo access.

On Thu, Sep 17, 2020 at 12:10 PM James Paige <Bob at hamsterrepublic.com>
wrote:

> Does one-click Mediawiki still exist on Dreamhost? I spent some time
> hunting for it, and could not find it.
>
> Maybe they deprecated it and disabled new installs?... Or maybe I am just
> looking in the wrong place :D
>
> On Thu, Sep 17, 2020, 12:56 PM Adam Perry <arperry at gmail.com> wrote:
>
>> I set it up with the Dreamhost one-click. There's an updater script that
>> I could run, but I think I've only done so once.
>>
>> I seem to remember you're on Dreamhost as well. If you're having
>> difficulty upgrading, you may have an easier time adding a fresh install to
>> your host and transferring the contents.
>>
>> On Thu, Sep 17, 2020 at 11:42 AM James Paige <Bob at hamsterrepublic.com>
>> wrote:
>>
>>> How did you set it up, and how do you keep it updated? Maybe I just need
>>> to mimic your config :)
>>>
>>> On Thu, Sep 17, 2020, 12:09 PM Adam Perry <arperry at gmail.com> wrote:
>>>
>>>> Do you want to use the Slime Salad wiki? I'm not sure there's anything
>>>> on it worth keeping at this point.
>>>>
>>>> On Thu, Sep 17, 2020 at 9:50 AM James Paige <Bob at hamsterrepublic.com>
>>>> wrote:
>>>>
>>>>> I turned on https:// redirect for the whole site. Seems to be working
>>>>> fine.
>>>>>
>>>>> I tried the local upgrade process, and no luck. The git repo metadata
>>>>> is hopelessly corrupted.
>>>>>
>>>>> I won't get that solved today :P
>>>>>
>>>>> I'll probably have to set up a whole new mediawiki instance, make sure
>>>>> it has all the plugins we need, port over the anti-spam hacks, and then
>>>>> restore a database backup into it. Arg. That ain't happening today :(
>>>>>
>>>>> Anybody know a fully managed mediawiki hosting site? Doesn't have to
>>>>> be a free one.
>>>>>
>>>>> ---
>>>>> James Paige
>>>>>
>>>>>
>>>>>
>>>>> On Thu, Sep 17, 2020 at 10:08 AM James Paige <Bob at hamsterrepublic.com>
>>>>> wrote:
>>>>>
>>>>>> I would be happy to disable http completely, and always redirect http
>>>>>> to https.
>>>>>>
>>>>>> People who have an OS so old that it can't support https are welcome
>>>>>> to open a web browser on a separate device.
>>>>>>
>>>>>> I don't actually know how to do this just for the login page. I think
>>>>>> I remember an option in the dreamhost config panel to do this for the whole
>>>>>> site, but I would have to hunt for it.
>>>>>>
>>>>>> A *MUCH* bigger security concern is that I can't upgrade Mediawiki
>>>>>> anymore. It has been years since running "git pull" on a large repo in a
>>>>>> shell script on a dreamhost shared account was a viable option.
>>>>>>
>>>>>> I had a clunky workaround where I would rsync the whole thing
>>>>>> locally, upgrade it, rsync it back up to dreamhost, and then run the last
>>>>>> stage of the upgrade.
>>>>>>
>>>>>> I am always terrified that I will break the whole thing every time I
>>>>>> do that, but maybe I will give it a try today since I happen to be on a
>>>>>> vacation day and have time.
>>>>>>
>>>>>> I would really like to move the whole wiki to a place where the
>>>>>> upgrades were automatically managed for me. I haven't had time to look into
>>>>>> that (in years)
>>>>>>
>>>>>> On Thu, Sep 17, 2020 at 9:57 AM Adam Perry <arperry at gmail.com> wrote:
>>>>>>
>>>>>>> It is not a good idea to have an HTTP login page. Your credentials
>>>>>>> are sent in plain text when you log in via HTTP.
>>>>>>>
>>>>>>> I realize that the OHR wiki isn't the most high-profile target for
>>>>>>> hackers, but it's still a bad idea. We don't need to allow wiki editing to
>>>>>>> everyone able to use the engine if it means compromising security.
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Sep 16, 2020, 8:45 PM Ralph Versteegen <teeemcee at gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Holly reported, and I can confirm, that you can't log into the
>>>>>>>> wiki, or create an account, when accessing it over HTTP instead of HTTPS.
>>>>>>>> (I think I remember seeing this already quite a while ago.) You get the
>>>>>>>> following message:
>>>>>>>>
>>>>>>>> "There seems to be a problem with your login session; this action
>>>>>>>> has been canceled as a precaution against session hijacking. Please
>>>>>>>> resubmit the form."
>>>>>>>>
>>>>>>>> It is nice to be able to access the wiki via HTTP, since HTTPS is
>>>>>>>> inaccessible from ancient OSes such as some of those we support. If the
>>>>>>>> login page could redirect from HTTP to HTTPS...
>>>>>>>>
>>>>>>>> Hmm, maybe I should file such things on github instead...
>>>>>>>> _______________________________________________
>>>>>>>> Ohrrpgce mailing list
>>>>>>>> ohrrpgce at lists.motherhamster.org
>>>>>>>>
>>>>>>>> http://lists.motherhamster.org/listinfo.cgi/ohrrpgce-motherhamster.org
>>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Ohrrpgce mailing list
>>>>>>> ohrrpgce at lists.motherhamster.org
>>>>>>>
>>>>>>> http://lists.motherhamster.org/listinfo.cgi/ohrrpgce-motherhamster.org
>>>>>>>
>>>>>> _______________________________________________
>>>>> Ohrrpgce mailing list
>>>>> ohrrpgce at lists.motherhamster.org
>>>>> http://lists.motherhamster.org/listinfo.cgi/ohrrpgce-motherhamster.org
>>>>>
>>>> _______________________________________________
>>>> Ohrrpgce mailing list
>>>> ohrrpgce at lists.motherhamster.org
>>>> http://lists.motherhamster.org/listinfo.cgi/ohrrpgce-motherhamster.org
>>>>
>>> _______________________________________________
>>> Ohrrpgce mailing list
>>> ohrrpgce at lists.motherhamster.org
>>> http://lists.motherhamster.org/listinfo.cgi/ohrrpgce-motherhamster.org
>>>
>> _______________________________________________
>> Ohrrpgce mailing list
>> ohrrpgce at lists.motherhamster.org
>> http://lists.motherhamster.org/listinfo.cgi/ohrrpgce-motherhamster.org
>>
> _______________________________________________
> Ohrrpgce mailing list
> ohrrpgce at lists.motherhamster.org
> http://lists.motherhamster.org/listinfo.cgi/ohrrpgce-motherhamster.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.motherhamster.org/pipermail/ohrrpgce-motherhamster.org/attachments/20200917/a540435a/attachment-0001.html>

More information about the Ohrrpgce mailing list