Announcement

NEW: SSL support

by bbi5291 on Nov 16, 2010 - 3:46:42 am UTC
  • (0/0)
SSL (a.k.a., https) is now enabled everywhere on this site. However, you will have to accept my OpenSSL key if you don't want your browser to complain that this site's identity isn't verified because the certification authority is not trusted blah blah blah.

In light of the fact that a proof-of-concept exploit of the ubiquitous cookie-based session authentication mechanism over unencrypted HTTP now exists, I personally recommend using SSL everywhere.

Note that, for the time being, I am too lazy to figure out how to cleanly separate the HTTP and HTTPS interfaces while still keeping them synced, so that currently, for example, if you login to the HTTP server, you also login to the HTTPS server, and vice versa. This is less than desirable, but oh well. (One consequence is that links from the wiki to the Judge will sometimes be http links and sometimes https links, but it depends on whether the last person to edit the page was using one or the other.)

Comments (Search)

After logging in securely, the page redirects to http://pegjudge.ath.cx/main/login/main (which shows a blank login form) as opposed to the expected http://pegjudge.ath.cx/main/.
Missing an initial / in the redirect?

Actually, no, I was just being stupid, and including $_SERVER['REQUEST_URI'] in the redirect path. It's fixed now.