Opened 8 years ago

Closed 6 years ago

#4690 closed Bug/Something is broken (fixed)

deprecate cleartext http for phpmyadmin

Reported by: Daniel Kahn Gillmor
Owned by: Jamie McClelland
Priority: High
Component: Tech
Keywords: https phpmyadmin
Cc:
Sensitive: no

Description

phpmyadmin is an abomination, but apparently we need to offer it :P

At the very least, we should *not* be encouraging members to access it in the clear, spewing not only database credentials but internal database data over the network to anyone who cares to listen. Since each shared host already has an X.509 certificate purchased from the cartel, shouldn't we be more strictly encouraging the use of HTTPS there?

I'm thinking that each shared server should have the following changes made to their default apache config:

  • Cleartext http 302 redirects to https -- or a warning page explaining why the user should manually always type https.
  • Set up the HSTS header like we did for other sites in #3676
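
A way to check a server after the two changes proposed above are rolled out, as an added example that is not part of the original ticket or the puppet repository. It covers the redirect option (not the warning-page alternative); the host name, the `/phpmyadmin/` path, the sample responses and the 180-day `min_age` threshold are assumptions, since the ticket does not state the HSTS value used in #3676.

```python
from urllib.parse import urlsplit

# Constructed sample responses for a placeholder host (not captured traffic).
HOST = "server.example.org"
HTTP_CLEAR = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"
HTTP_REDIRECT = f"HTTP/1.1 302 Found\r\nLocation: https://{HOST}/phpmyadmin/\r\n\r\n"
HTTP_DOWNGRADE = f"HTTP/1.1 302 Found\r\nLocation: http://{HOST}/phpmyadmin/\r\n\r\n"
HTTPS_HSTS = "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n"
HTTPS_BARE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

def parse_response(raw):
    """Split a raw response head into (status, {lower-cased header: value})."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(lines[0].split()[1]), headers

def check_cleartext(raw, host, path="/phpmyadmin/"):
    """Problems with the port-80 answer to a request for `path` on `host`."""
    status, headers = parse_response(raw)
    if status not in (301, 302, 307, 308):
        return [f"cleartext request answered with {status}, not a redirect"]
    target = urlsplit(headers.get("location", ""))
    problems = []
    if target.scheme != "https":
        problems.append("redirect target is not https")
    if target.hostname != host:
        problems.append("redirect leaves the original host")
    if target.path != path:
        problems.append("redirect drops the requested path")
    return problems

def check_hsts(raw, min_age=15552000):  # assumed threshold: 180 days
    """Problems with the Strict-Transport-Security header on the https answer."""
    value = parse_response(raw)[1].get("strict-transport-security")
    if value is None:
        return ["no Strict-Transport-Security header"]
    ages = [d.split("=", 1)[1].strip(' "') for d in value.lower().split(";")
            if d.strip().startswith("max-age=")]
    if not ages or not ages[0].isdigit():
        return ["max-age missing or malformed"]
    if int(ages[0]) < min_age:
        return [f"max-age {ages[0]} is below {min_age}"]
    return []

if __name__ == "__main__":
    print([check_cleartext(r, HOST) for r in (HTTP_CLEAR, HTTP_REDIRECT, HTTP_DOWNGRADE)])
    print([check_hsts(r) for r in (HTTPS_HSTS, HTTPS_BARE)])
```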

Change History (8)

comment:1 Changed 8 years ago by Ross

Could there be unexpected (though predictable) negative consequences for taking these steps? Would a more cautious approach have us simply redirect http://SERVER.ORG/phpmyadmin/* to https://SERVER.ORG/phpmyadmin/* ?

comment:2 Changed 8 years ago by Daniel Kahn Gillmor

It sounds to me like you're suggesting that there might be legitimate uses for http://example.mayfirst.org/ other than phpmyadmin that would somehow break or cause problems when redirected to https.

I can't think of anything like that (and if it existed, i'd be kind of happy to break it :P), but it seems like you could find out if anyone is visiting these pages with a grep of /var/log/apache/access.log, since the member sites all log to separate files.

A quick scan through menchu (taken as an example) shows nagios plugins, something from http://checks.panopta.com, some bots crawling the wasteland, phpmyadmin access, some hits from links from obviously misconfigured sites, and some hits from obviously broken browsers. Nothing that seems dangerous to a redirect to me.

comment:3 Changed 8 years ago by Ross

Owner: set to Daniel Kahn Gillmor
Status: new → assigned

In that case, I would vote for a test of one server for a week. Preferably one of our most used servers, like malcolm, to be cautious and barring any problems, then move the rest.

comment:4 Changed 7 years ago by Daniel Kahn Gillmor

Keywords: f2f added

comment:5 Changed 7 years ago by Ross

Keywords: f2f removed

comment:6 Changed 7 years ago by Daniel Kahn Gillmor

Owner: changed from Daniel Kahn Gillmor to Jamie McClelland

i committed ae52266 to the puppet repository, which should (in combination with the cleanup on #5715) make this default to https.

jamie said he would review before publication, so i'm reassigning to him.

comment:7 Changed 7 years ago by Jamie McClelland

Moving along...

Changes are live on chavez, albizu and nicolas. I plan to wait until this weekend to sign the tag (because I will be out of town most of this week).

jamie

comment:8 Changed 6 years ago by Nat Meysenburg

Resolution: fixed
Status: assigned → closed

Looks as though this change has made it into puppet tags that have been pushed to all of the moshes.

--nat
