Comments (6)
They are visible from the Internet.
from build.
The JavaRosa documentation has a lot to say about not allowing http
: https://bitbucket.org/javarosa/javarosa/wiki/AuthenticationAPI
I find it vanishingly unlikely that somebody will have a local server that is accessible from the Internet at large anyway?
from build.
My reading of the spec is that you should use HTTPS, but it isn't required.
The vast majority of local Aggregate servers (and there are a fair bit of those) I come across do not have HTTPS enabled. This is mostly because installing a SSL cert on Tomcat is a miserable task.
from build.
Question stands: are those servers visible from the internet, though, or are they likely to be behind a NAT?
from build.
PR #101 started on this ticket, but it still needs more work:
The request here is to allow both http
and https
server addresses, so there are quite a few spots that need adjustment:
- The UI should neither assume
http
norhttps
, and allow either option, either via a<select>
tag or via format validation with meaningful error text to the user. - The server currently assumes
https
. - I'd personally appreciate it if there were a security notice at the bottom (if you go with a
<select>
, ideally only show it ifhttp
is chosen) noting that the user's authentication credentials will be sent insecurely. Sample wording: "Warning: sending data to a non-HTTPS Aggregate server will mean your credentials and data are sent over the web insecurely."
I like that #101 left one example https
and changed one to http
.
from build.
Hi,
Sorry for the thread necromancy, but the unsecured HTTP is still not supported correctly enough. Currently, there is this in the code: https://github.com/opendatakit/build/blob/283da5840c7f83adf8228c558311266723b83fc1/server/odkbuild_server.rb#L252-L255
which forces http.use_ssl = true
every time, resulting in OpenSSL handshake error on plain HTTP. It seems like an easy fix, but I have absolutely zero knowledge of ruby, so I don't dare to make one.
from build.
Related Issues (20)
- Support select from map
- Switch from Google Analytics to Fathom
- Export to XML generates new form id everytime
- Review docs HOT 1
- Include a local bind mount in docker-compose file to transfer database dumps
- Update docker-compose.yml to use a specific release HOT 3
- Prevent external sites from embedding Build HOT 7
- Embed Build into Central
- Export with cascades and select_multiple fails HOT 5
- Investigate `rack.session` cookie warning
- Upgrade util.js browser detection HOT 3
- Error pasting select options from MS Excel into options editor HOT 3
- Add text appearance multiline
- Warn if the value of a SelectOne or SelectMultiple option is blank
- Release 0.4.3
- Build should not use "default" for auto-send and auto-delete
- Remove upload form to Aggregate menu item HOT 1
- Support Entities
- Maintenance upgrade of installation docs
- Form template library
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from build.