Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
icon5.gif   Problems with SSL and Synchronization, posted by Mark Langkau on Tue Dec 30 21:13:02 2008 
    icon2.gif   Re: Problems with SSL and Synchronization, posted by Stefan Ritt on Wed Dec 31 11:31:49 2008 
       icon2.gif   Re: Problems with SSL and Synchronization, posted by Brett Viren on Mon Mar 23 22:29:20 2009 
          icon2.gif   Re: Problems with SSL and Synchronization, posted by Brett Viren on Thu Mar 26 21:34:24 2009 
       icon2.gif   Re: Problems with SSL and Synchronization, posted by Diogo Alves on Mon Nov 9 09:32:19 2009 
       icon2.gif   Re: Problems with SSL and Synchronization, posted by Anthony Palladino on Sat May 1 18:02:30 2010 
Message ID: 66282     Entry time: Thu Mar 26 21:34:24 2009     In reply to: 66260
Icon: Reply  Author: Brett Viren  Author Email: bv@bnl.gov 
Category: Question  OS: Linux | Windows  ELOG Version: 2.7.5 
Subject: Re: Problems with SSL and Synchronization 

Brett Viren wrote:


Please make this 3. We (Daya Bay experiment) are just starting to set up Elog and will really want this feature!


I came up with a work-around for the lack of support for mirroring and SSL. You can put Elog behind an Apache proxy. Apache can serve through SSL for normal user access. The Elog server can "hosts allow" localhost and any mirrors and deny all others.

This still leaves the mirroring account subject to sniffing, which could be bad if mirrors are allowed to change content on the master, but it will greatly minimize the potential exposure of passwords. This could even be removed by only allowing localhost and mirroring over SSH tunnels.

-Brett.
ELOG V3.1.5-3fb85fa6