[Act] concern about http://act.perlconference.org/tpc-2018-glasgow/
Mark Keating
m.keating at shadowcat.co.uk
Fri Jul 6 11:38:06 CEST 2018
Hi Sebastian,
You're right, this is an issue. The correct people to contact are the ACT
maintainers (ACT is the underlying system that powers the conference
site) and they are available via the ACT mailing list:
act at mongueurs.net
I have cc'd them into this email so that they are aware of it. I am
fairly certain that they know there is an issue but it is always good to
open the dialogue as there may be a way for others to help.
Kind regards
Mark
On 05/07/2018 19:41, Sebastian Strajan wrote:
>
> Hi Mark,
>
>
> I'm contacting you because I couldn't find a contact form for the
> http://act.perlconference.org/tpc-2018-glasgow/ website.
>
> I found out that you published some feeds in
> http://act.perlconference.org/tpc-2018-glasgow/atom/en.xml and I thought
> that you may be able to help me or at least recommend somebody else
> for this.
>
>
> It seems that the website doesn't provide an HTTPS version.
>
> My concern is because the website provides a login page which sends
> the credentials in clear text, which can be captured with ease by
> somebody else and after that they can track everything in my account.
>
> Also for users that reuse passwords this is a hazard, because all
> their/multiple accounts can be compromised because of logging on the
> conference website from an unsecure network (almost any public WIFI
> can be categorized as unsecure).
>
>
> Moving from HTTP to HTTPS shouldn't be that hard, and now it can be
> done freely via https://letsencrypt.org
>
> If you are unfamiliar with the https://letsencrypt.org here are more
> details:
>
> - can generate for free an HTTPS certificate that you can use for your
> website(s)
>
> - you can use the https://certbot.eff.org to generate the certificate
> via CLI in a Linux box (you just need a webserver that can host
> temporarily a file - in order for letsencrypt to be able to validate
> that you are the owner of the domain for which the certificate is
> generated)
>
> - certificate is valid for 90 days (this should be enough for manual
> generation - until the conference ends this will be valid, and after
> that the certificate will ensure encryption for the traffic, but the
> browser will tell you that the certificate has expired - it can be
> renewed if it is needed with the same process)
>
>
> If you need more info or help please let me know and I'll do my best
> in helping you.
>
>
> In case I need to contact somebody else please let me know.
>
>
> Thanks,
>
> Sebastian Strajan
>
--
Mark Keating | Writer, Photographer, Cat-Herder
Director | Shadowcat Systems Limited
Enlightened Perl Organisation
Lancaster and Morecambe Makers
FLOSSUK (UKUUG Limited)
Community Contributor | The Perl Foundation
Enlightened Perl Organisation
Lancaster and Morecambe Makers
FLOSSUK
Digital Lancaster
Independent Lancaster
Lancaster Hour
Ethical Small Trader's Association
Social Links | http://shadow.cat/blog/mark-keating/
http://linkedin.com/in/markkeating
@shadowcat_mdk
Shadowcat Systems Limited
Is a Company registered in England and Wales.
Company address: The Barracks, White Cross, South Road, Lancaster, LA1 4XQ.
Company Registration Number: 05420396.
Company VAT Number: 868 9313 71
Disclaimer
This email and any attachments to it may be confidential and are intended solely for the use
of the individual to whom it is addressed. Any views or opinions expressed are solely those of
the author and do not necessarily represent those of Shadowcat Systems Limited.
If you are not the intended recipient of this email, you must neither take any action based
upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you
have received this email in error immediately and do not disclose the contents to anyone or
make copies thereof.