> For future reference, about 3-4 days ago I changed things so that the
> public notebook server:
>    (1) Doesn't use ssl at all, and
>    (2) Is at http://sagenb.org  (and another at http://sagenb.com), so
>          there is no funny business with ports.
> Thus the above setup shouldn't get blocked anywhere anymore.
> Obviously (1) means people could sniff password on the public notebook
> easily, but this really isn't too worrisome given that the thing is free,
> etc., so what should people expect?

Did SSL slow down the machines that were running the public notebook? Did you 
run into scalability problems? If there is one lesson to be learned from 
it-sec than it is: people are amazingly stupid when it comes to it-sec. If 
you want to demonstrate that with SAGE you can easily work over the network 
using just a webbrowser (i.e. fullfill the promises of the webapps buzz) it 
is -- at least to me -- a requirement to not gamble with a user's 
credentials. Using a non-encrypted login page is -- again, at least to me -- 
a gamble with the user's credential. To sum up: I strongly vote for 
re-enabling SSL encryption.

Martin


-- 
name: Martin Albrecht
_pgp: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8EF0DC99
_www: http://www.informatik.uni-bremen.de/~malb
_jab: [EMAIL PROTECTED]


--~--~---------~--~----~------------~-------~--~----~
To post to this group, send email to sage-devel@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/sage-devel
URLs: http://sage.scipy.org/sage/ and http://modular.math.washington.edu/sage/
-~----------~----~----~----~------~----~------~--~---

Reply via email to