> For future reference, about 3-4 days ago I changed things so that the > public notebook server: > (1) Doesn't use ssl at all, and > (2) Is at http://sagenb.org (and another at http://sagenb.com), so > there is no funny business with ports. > Thus the above setup shouldn't get blocked anywhere anymore. > Obviously (1) means people could sniff password on the public notebook > easily, but this really isn't too worrisome given that the thing is free, > etc., so what should people expect?
Did SSL slow down the machines that were running the public notebook? Did you run into scalability problems? If there is one lesson to be learned from it-sec than it is: people are amazingly stupid when it comes to it-sec. If you want to demonstrate that with SAGE you can easily work over the network using just a webbrowser (i.e. fullfill the promises of the webapps buzz) it is -- at least to me -- a requirement to not gamble with a user's credentials. Using a non-encrypted login page is -- again, at least to me -- a gamble with the user's credential. To sum up: I strongly vote for re-enabling SSL encryption. Martin -- name: Martin Albrecht _pgp: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8EF0DC99 _www: http://www.informatik.uni-bremen.de/~malb _jab: [EMAIL PROTECTED] --~--~---------~--~----~------------~-------~--~----~ To post to this group, send email to sage-devel@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/sage-devel URLs: http://sage.scipy.org/sage/ and http://modular.math.washington.edu/sage/ -~----------~----~----~----~------~----~------~--~---