Standing up a Gramps Web server

I have identified the issue with using the 1-Click solution. This post is OBE.

3 Likes

Users, DO NOT USE THIS. It is insecure; all secrets will be transmitted in clear text and it will be very easy for a malicious actor to delete all your genealogical data.

Please use the official documentation at Introduction - Gramps Web. If something does not work, please follow the guidelines here: Get Help - Gramps Web

@dmgursky
Could you retract this for now? You might discuss the security risks with David privately… and perhaps invite a few other advanced users to the discussion.

Maybe this alternate manual process could be made safe?

There does not appear to be a retract option. At least not that I could readily find.

That being said, perhaps you could improve upon this by describing how to obtain an SSL Certificate and to update one’s grampsweb configuration to use that certificate.

2 Likes

The option to delete a thread is reversible. I think of it as a ‘retract’ since the posting remains accessible to you & admins of the group.

This could be useful if someone starts by running an insecure server on an internal network, then at some point in the future wants to make it public.

I’ve been curious if an SSL certificate and secure protocol https were necessary for a home network installation too?

All my stuff is temporarily (I hope) in storage but I look forward to trying it when I have a place to set up another LAN/WAN.

If everything is local, your risk is very low (short of a bad actor deliberately targeting you, which just makes you the potential subject for an ABC Movie Of The Week #ShowingMyAge). Furthermore, if everything at home is WIRED, your risk is even lower still (and you get upgraded to a Netflix Spy Thriller with some combination of Dwayne Johnson, Ryan Reynolds, Paul Rudd, Gal Gadot, and Scarlett Johansson).

Hey, I realized that it would be isolated and safe. (Particularly since the wireless doesn’t broadcast its ID and only allows registered MAC addresses.)

But what I know very little about is if the setup of Gramps Web REQUIRES the SSL certificate or can run as insecure http instead of https pointing to the subdomains registered on my local network DNS.

I know I’ll eventually have to become conversant in SSL and https and IPv6… but I don’t wanna!

FYSA – just because a router does not broadcast an SSID does not make it safe. Harder to get into, yes, but not intrinsically safe. Ditto MAC authentication as MAC addresses can be spoofed, but again, we are getting into Ryan Reynolds / Paul Rudd territory (and maybe a smattering of Robert Downey Jr. and Mark Ruffalo with a dash of Chris Hemsworth).

No, grampsweb does not require SSL. SSL is a function of the Transport Layer, whereas grampsweb sits at the application layer. [For all you geeks out there – yes, I know you can get an Application to query the HTTP connection to verify if it is secured, maybe even if it is secured by SSL v3, TLS 1.2, etc, but that’s the exception.] [And don’t get me started on X.509 certificate authentication – I will hurt you.]
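The aside above about an application checking whether its connection is secured, as an added example that is not part of the thread and not Gramps Web's own code: a wrapper for a generic WSGI application that refuses requests that arrived in cleartext. The names `RequireTLS`, `request_is_secure`, `TRUSTED_PROXIES` and `inner_app` are hypothetical, and the assumption is that any TLS-terminating reverse proxy runs on loopback.

```python
# Added example, not Gramps Web code: a WSGI wrapper that refuses cleartext requests.

# Assumption: the only reverse proxy allowed to vouch for TLS listens on loopback.
TRUSTED_PROXIES = frozenset({"127.0.0.1", "::1"})


def request_is_secure(environ, trusted_proxies=TRUSTED_PROXIES):
    """True if the client-facing hop used TLS, as far as the app can tell."""
    if environ.get("wsgi.url_scheme") == "https":
        return True  # the WSGI server terminated TLS itself
    # X-Forwarded-Proto is client-controlled unless a trusted proxy sent it.
    if environ.get("REMOTE_ADDR") not in trusted_proxies:
        return False
    hops = environ.get("HTTP_X_FORWARDED_PROTO", "").split(",")
    # Use the last entry: it is the one written by the nearest proxy.
    return hops[-1].strip().lower() == "https"


class RequireTLS:
    """Wrap a WSGI app and answer 403 to anything that arrived in cleartext."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if request_is_secure(environ):
            return self.app(environ, start_response)
        body = b"TLS required\n"
        start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                         ("Content-Length", str(len(body)))])
        return [body]


def status_for(app, environ):
    """Run one constructed request through `app` and return its status line."""
    seen = []
    list(app(environ, lambda status, headers: seen.append(status)))
    return seen[0]


def inner_app(environ, start_response):  # stand-in for the real application
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


# Constructed requests (documentation address range, not real traffic).
SAMPLES = {
    "direct https": {"wsgi.url_scheme": "https", "REMOTE_ADDR": "192.0.2.10"},
    "plain http": {"wsgi.url_scheme": "http", "REMOTE_ADDR": "192.0.2.10"},
    "spoofed header": {"wsgi.url_scheme": "http", "REMOTE_ADDR": "192.0.2.10",
                       "HTTP_X_FORWARDED_PROTO": "https"},
    "via local proxy": {"wsgi.url_scheme": "http", "REMOTE_ADDR": "127.0.0.1",
                        "HTTP_X_FORWARDED_PROTO": "https"},
}
```

Wrapping `inner_app` as `RequireTLS(inner_app)` and passing each entry of `SAMPLES` through `status_for` shows that the spoofed header from a non-proxy address is rejected just like plain HTTP.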