[Web Comm] RSS Feeds

Jason Birch Jason.Birch at nanaimo.ca
Wed Mar 29 03:19:59 EST 2006


It still appears to be calling that site via http.
 
I'm a little concerned about the possibility of cross-site scripting attacks against us, either through direct manipulation of the external script, or through dns poisoning of the external site's DNS server to send back alternate information.  Should we ask the list if there is an affiliated project that would be willing to host the RSS reflector for us?
 
I don't think that I will be able to make the meeting tomorrow.  It's been a brutal week for me at work.
 
Jason
 

________________________________

From: Daniel Brookshier [mailto:dbrookshier at collab.net]
Sent: Tue 2006-03-28 11:04 PM
To: dev at webcommittee.osgeo.org
Subject: Re: [Web Comm] RSS Feeds



Can you take a look at https://webcommittee.osgeo.org/ again?

I found a feed tool that originates from an https site.

Daniel Brookshier | Community Manager | CollabNet, Inc.
8000 Marina Blvd. Suite 600 | Brisbane, CA 94005 | USA
O 972.422.5261 | C 214.207.6614 | dbrookshier at collab.net


On Mar 28, 2006, at 10:26 AM, Jason Birch wrote:

> Hi,
>
> Looks like the RSS feeds are up for WebCom but:
> - They give SSL warnings in IE
> - When the warning is ignored, there is an error message about not 
> being
> able to access the non-SSL osgeo feeds.
>
> Looks like we'd need to either remove the requirement for SSL or move
> the script to an SSL server.
>
> Jason
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe at webcommittee.osgeo.org
> For additional commands, e-mail: dev-help at webcommittee.osgeo.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe at webcommittee.osgeo.org
For additional commands, e-mail: dev-help at webcommittee.osgeo.org








More information about the Webcom mailing list