[ECODP-dev] test machine to release 00.09.03 with CKAN security patch (ODP-300 & ODP-291 support)

Bert Van Nuffelen bert.van.nuffelen at tenforce.com
Mon Oct 21 13:50:36 UTC 2013


Hi John,

thanks for investigating this issue.

* Can you provide a detailed update on what you have changed?
  Also "breaks some redirects" ... that part requires some more explanation.

* About the nginx: this is the configuration that has been provided to us.
So we were not aware that this happened.
  Can you provide the detailed rules that are to be changed?

thanks,

Bert




2013/10/17 John Glover <john.glover at okfn.org>

> Hi Bert,
>
> I have investigated the login situation and there seemed to be two
> problems, both of which are unrelated to the https configuration:
>
> - the site_url in the CKAN config was set to the internal IP address,
> which breaks some redirects.
> - caching was enabled in NGINX, and logged-in pages were being cached (the
> name of the cookie that is used to authenticate users changed in release 09
> so this had to be updated in the NGINX config).
>
> Login should be working as expected again now.
>
> Regards,
> John
>
>
> On 16 October 2013 16:57, John Glover <john.glover at okfn.org> wrote:
>
>> Hi Bert,
>>
>> Thanks. Could you also please load the most recent dump of the 09
>> production database (the backups directory that Dimitrios mentioned before
>> is no longer on the server)?
>>
>> I will investigate the issue with logging in after I have written and
>> tested the patch.
>>
>> Regards,
>> John
>>
>>
>>  On 16 October 2013 15:20, Bert Van Nuffelen <
>> bert.van.nuffelen at tenforce.com> wrote:
>>
>>>  Hi John and Darwin,
>>>
>>> 212.71.25.148 has been set up to release 00.09.03. + the suggested
>>> changes to remove the https setup temporarily.
>>>
>>> For ODP-300:
>>>
>>> There is a system admin user created api/api and a data publisher
>>> bert/bert.
>>> What we have now is that with this setup if you login as bert, then
>>> clear your cookies in your browser and then login as api you see bert.
>>> Secondly if Dimitrios logs in on another computer as api then he is also
>>> 'bert'.
>>>
>>> I have the feeling that the suggestion for removing the https setup has
>>> a drastic impact on the correct user management.
>>>
>>> best regards,
>>>
>>> Bert
>>>
>>> --
>>> Bert Van Nuffelen
>>>
>>> Semantic Technologies Software Architect at TenForce
>>> www.tenforce.be
>>>
>>> Bert.Van.Nuffelen at tenforce.com
>>> Office: +32 (0)16 31 48 60
>>> Mobile:+32 479 06 24 26
>>> skype: bert.van.nuffelen
>>>
>>> _______________________________________________
>>> Ecodp-dev mailing list
>>> Ecodp-dev at lists.okfn.org
>>> http://lists.okfn.org/mailman/listinfo/ecodp-dev
>>>
>>>
>>
>


-- 
Bert Van Nuffelen

Semantic Technologies Software Architect at TenForce
www.tenforce.be

Bert.Van.Nuffelen at tenforce.com
Office: +32 (0)16 31 48 60
Mobile:+32 479 06 24 26
skype: bert.van.nuffelen
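
An added example, not part of the thread and not the project's NGINX configuration: a small audit for the failure John describes, where cache bypass rules still name the old authentication cookie so logged-in pages get cached and served to other users. The cookie names and the sample config are constructed placeholders (the thread does not give the real ones), and the check assumes `proxy_cache` is set inside non-nested `location` blocks.

```python
import re

# Constructed sample config: the bypass rules still name the pre-upgrade cookie.
SAMPLE_CONF = """
proxy_cache_path /var/cache/nginx keys_zone=ckan:30m;
server {
    location / {
        proxy_pass http://127.0.0.1:8080/;
        proxy_cache ckan;
        proxy_cache_bypass $cookie_old_auth_cookie;
        proxy_no_cache $cookie_old_auth_cookie;
    }
    location /static/ {
        proxy_pass http://127.0.0.1:8080/static/;
    }
}
"""

# Matches innermost location blocks only (no nested braces inside the body).
LOCATION_RE = re.compile(r"location\s+([^{]+?)\s*\{([^{}]*)\}")

def directives(body):
    """Return {name: [args, ...]} for the 'name args;' directives in a block body."""
    out = {}
    for stmt in body.split(";"):
        parts = stmt.split(None, 1)
        if parts:
            out.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return out

def audit_cache_bypass(conf, auth_cookie):
    """List (location, missing_directives) for cached locations that do not
    skip the cache when the application's auth cookie is present."""
    var = "$cookie_" + auth_cookie          # nginx variable for that cookie
    conf = re.sub(r"#[^\n]*", "", conf)     # drop comments before splitting on ';'
    findings = []
    for path, body in LOCATION_RE.findall(conf):
        d = directives(body)
        if d.get("proxy_cache", ["off"])[-1] == "off":
            continue                        # caching not enabled in this block
        # Both are needed: one stops serving from cache, the other stops storing.
        missing = [name for name in ("proxy_cache_bypass", "proxy_no_cache")
                   if not any(var in args.split() for args in d.get(name, []))]
        if missing:
            findings.append((path, missing))
    return findings

if __name__ == "__main__":
    # "new_auth_cookie" is a placeholder for the cookie name the release uses.
    for path, missing in audit_cache_bypass(SAMPLE_CONF, "new_auth_cookie"):
        print(f"location {path}: no {', '.join(missing)} on $cookie_new_auth_cookie")
```
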