ASKSAGE: Sage Q&A Forum - Individual question feedhttp://ask.sagemath.org/questions/Q&A Forum for SageenCopyright Sage, 2010. Some rights reserved under creative commons license.Fri, 15 Jun 2012 11:40:55 -0500Non-SSL security for Sage Math Servershttp://ask.sagemath.org/question/9079/non-ssl-security-for-sage-math-servers/I am running a Sage Math server on RackSpace and I have to run it in "secure=False' mode as I cannot have SSL active. I am told that the official sage math server at www.sagenb.org also doesnt use SSL. My question is, how best should I make my server reasonably secure without invoking SSL handshaking? I would particularly appreciate knowing how this is done at sagenb.org as your system seems reasonably secure. Any advice (other than asking it to be run in "secure=True" mode) would be most
MathBearFri, 15 Jun 2012 11:24:36 -0500http://ask.sagemath.org/question/9079/non-ssl-security-for-sage-math-servers/Answer by Volker Braun for <p>I am running a Sage Math server on RackSpace and I have to run it in "secure=False' mode as I cannot have SSL active. I am told that the official sage math server at <a href="http://www.sagenb.org">www.sagenb.org</a> also doesnt use SSL. My question is, how best should I make my server reasonably secure without invoking SSL handshaking? I would particularly appreciate knowing how this is done at <a href="http://sagenb.org">sagenb.org</a> as your system seems reasonably secure. Any advice (other than asking it to be run in "secure=True" mode) would be most
MathBear</p>
http://ask.sagemath.org/question/9079/non-ssl-security-for-sage-math-servers/?answer=13710#post-id-13710The security implication is that the password is transmitted in plain-text, so if the traffic is routed through a rogue carrier then he can extract the password. Just don't use a valuable password.Fri, 15 Jun 2012 11:40:55 -0500http://ask.sagemath.org/question/9079/non-ssl-security-for-sage-math-servers/?answer=13710#post-id-13710