Yep, enabling ssl in jetty server is the easiest way, I did not because we need a valid ssl certificate for the server.
Do you know if ASF provides certificates for servers? I'll configure jetty to listen in 443 with a non trust certificate and I'll write a banner about the issue. Communication between our server and gmail is encrypted though - Manolo On Thu, May 3, 2012 at 11:07 AM, Ioan Eugen Stan <stan.ieu...@gmail.com>wrote: > Pe 03.05.2012 11:51, Eric Charles a scris: > > >> >> On 05/03/2012 10:44 AM, Eric Charles wrote: >> >>> On 05/03/2012 10:38 AM, Ioan Eugen Stan wrote: >>> >>>> Pe 03.05.2012 11:13, Eric Charles a scris: >>>> >>>>> Hi Manolo, >>>>> Demo also works for me :) >>>>> Well done! >>>>> Eric >>>>> >>>> >>>> Also works for me. Looks great. My Gmail account loads kind of slow. By >>>> the way, how are credentials passed through the network? I hope they >>>> don't pass nu-encripted. >>>> >>> >>> they do, this is why I only tested with the 'demo', not the gmail. >>> See what firebug says after posting username_test/password_test >>> >>> 7|0|8|http://james.zones.**apache.org/hupa.gmail/hupa/|** >>> 34B97BC5A839DB00A78894501B928D**96|net.customware.gwt.** >>> dispatch.client.standard.**StandardDispatchService|** >>> execute|net.customware.gwt.**dispatch.shared.Action|org.** >>> apache.hupa.shared.rpc.**LoginUser/2770786810|password_** >>> test|username_test|1|2|3|4|1|**5|6|7|8|<http://james.zones.apache.org/hupa.gmail/hupa/%7C34B97BC5A839DB00A78894501B928D96%7Cnet.customware.gwt.dispatch.client.standard.StandardDispatchService%7Cexecute%7Cnet.customware.gwt.dispatch.shared.Action%7Corg.apache.hupa.shared.rpc.LoginUser/2770786810%7Cpassword_test%7Cusername_test%7C1%7C2%7C3%7C4%7C1%7C5%7C6%7C7%7C8%7C> >>> >>> > :) it means my account may be compromised. We should do something about > this. In order of preference: make Hupa delegate to GMail authentication / > put some ssl / remove it / put a BIG banner on this warning people. > > Manolo, do you have time to put some ssl? > > > An easy think to do would be to run anonymous SSL to encrypt the traffic. > >> >> There are plenty of options to further secure, the important stuff is >>> that we have with hupa a ground-basis to build on. >>> >>> Eric >>> >>> >>>> >>>> >>>> On 05/02/2012 11:19 PM, Manuel Carrasco Moñino wrote: >>>>> >>>>>> Hi all >>>>>> >>>>>> I have updated Hupa site [1] which was very outdated. >>>>>> >>>>>> Also I've fixed many bugs in hupa, improved styling, etc [2], and I've >>>>>> deployed two instances [3] in order that everyone can test and play >>>>>> with >>>>>> it. >>>>>> >>>>>> I'm thinking on releasing this version (0.2), so as it was the last >>>>>> snapshot before adding the new improvements panned to be part of >>>>>> hupa af >>>>>> the end of the GSOC period. >>>>>> >>>>>> Please, check out the demos and give feedback. >>>>>> >>>>>> - Manolo >>>>>> >>>>>> [1] http://james.apache.org/hupa >>>>>> [2] >>>>>> http://svn.apache.org/viewvc?**view=revision&revision=1333089<http://svn.apache.org/viewvc?view=revision&revision=1333089> >>>>>> [3] >>>>>> http://james.zones.apache.org/**index.html<http://james.zones.apache.org/index.html> >>>>>> >>>>>> >>>>> >>>> >>>> >>> >> > > -- > Ioan Eugen Stan > http://ieugen.blogspot.com > > ------------------------------**------------------------------**--------- > To unsubscribe, e-mail: > server-dev-unsubscribe@james.**apache.org<server-dev-unsubscr...@james.apache.org> > For additional commands, e-mail: > server-dev-help@james.apache.**org<server-dev-h...@james.apache.org> > >
