forrest-dev mailing list archives

From Clay Leeds <>
Subject Re: [Proposal] forrestbot at
Date Wed, 28 Jul 2004 16:49:30 GMT
On Jul 28, 2004, at 8:30 AM, Dave Brondsema wrote:
> On Wed, 28 Jul 2004, David Crossley wrote:
>> It may be better to change the text on that page to qualify
>> the statement about deployment until the issues are sorted out
>> with infrastructure. The last time that forrestbot was discussed,
>> everyone went off on a tangent over that.
> I looked at some old forrestbot threads from the infrastructure list
> (David provided them to me) and a lot of concern was about security. We
> need to make some improvements to the bot & webapp before it would be
> useable ASF-wide.

One other thing I noticed was that forrestbot appears to submit the
LOGIN/PW as a GET, placing them in the URL & leaving them wide open to 
sniffing. Changing the FORM to POST would help, as would moving 
forrestbot to an HTTPS server (with a valid certificate).

Hope this helps!

Web Maestro Clay
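
The two problems raised in this message (credentials submitted with GET, and no HTTPS) can be checked for mechanically. The following is an added example, not part of the original message and not forrestbot code: it audits a page's HTML for forms containing a password field and reports any that submit via GET or to a non-HTTPS target. The sample markup and the host `bot.example.org` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class LoginFormAudit(HTMLParser):
    """Record a finding for every <form> that contains a password field."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form = None            # attributes of the form currently open
        self.has_password = False
        self.findings = []          # list of (resolved target URL, [issues])

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form, self.has_password = a, False
        elif tag == "input" and self.form is not None:
            if (a.get("type") or "").lower() == "password":
                self.has_password = True

    def handle_endtag(self, tag):
        if tag != "form" or self.form is None:
            return
        if self.has_password:
            # HTML defaults: no method means GET, no action means the page itself.
            method = (self.form.get("method") or "get").lower()
            target = urljoin(self.page_url, self.form.get("action") or "")
            issues = []
            if method != "post":
                issues.append("credentials sent in URL (method=%s)" % method)
            if urlparse(target).scheme != "https":
                issues.append("form target is not HTTPS")
            self.findings.append((target, issues))
        self.form = None

def audit(html, page_url):
    """Return findings for all password-bearing forms in html."""
    parser = LoginFormAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample markup, not taken from forrestbot.
SAMPLE = """
<form action="/login" method="get"><input name="user"><input type="password" name="pw"></form>
<form action="https://bot.example.org/login" method="POST"><input type="password" name="pw"></form>
<form action="/search"><input name="q"></form>
"""
```

Calling `audit(SAMPLE, "http://bot.example.org/")` flags the first form on both counts, passes the second, and ignores the search form because it carries no password field.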
