#2 Enable HTTPS on project web

implemented
nobody
Project-web/Developer-web
2016-11-30
2012-09-11
No

Computing overhead of HTTPS is extremely low, especially when compared to PHP & MySQL. Configuration is easy. Only one wildcard certificate is needed for the whole sourceforge domain. So why not? You could have it up & running this evening.

SourceForge encourages projects to migrate their hosted apps (e.g. WordPress or wiki) to project web space. All these apps come with an administration interface that requires the administrator to log in. Since project web doesn't support SSL, administration sessions go through unencrypted HTTP connections, which makes them vulnerable to trivial password/cookie sniffing attacks. This is particularly important on SourceForge, where software is distributed to end users. Hijacking WordPress, for example, would allow the attacker to insert fake download links that would enable the attacker to infect thousands of other systems.

(ticket moved from site support section to feature requests)

Comment from Chris Tsai:

I would like to note that this is not quite so simple; there are other things to consider beyond just the technical feasibility.

Discussion

  • GodMod

    GodMod - 2012-09-16

    Would like to see this, too

     
  • Joost Kop

    Joost Kop - 2014-03-20

    I need this for oauth2 verification of the xbmc-dropbox addon. Dropbox requires an https redirect URL...

     
    • MICHΔΣL

      MICHΔΣL - 2016-06-28

      If you want to load files from Dropbox you can use Dropbox Chooser without HTTPS - https://www.dropbox.com/developers/chooser

       
  • MICHΔΣL

    MICHΔΣL - 2016-06-28

    I've built a coding playground, and in order for my users to use Geolocation my application must be hosted over HTTPS. (Same Origin Policy)

    I'd really like to see this integrated; otherwise I will have to migrate my application's hosting provider.

     

    Last edit: MICHΔΣL 2016-06-28
  • konsolebox

    konsolebox - 2016-10-31

    FTR, GitHub has already made this possible: https://github.com/blog/2186-https-for-github-pages. As for custom domains, Let's Encrypt can be used.

     
  • Dave Brondsema

    Dave Brondsema - 2016-11-30
    • status: open --> implemented
     
  • konsolebox

    konsolebox - 2016-11-30

    TYVM!

     