Closed
Bug 1421587
Opened 7 years ago
Closed 7 years ago
Redirect open.mozilla.org to open innovation blog
Categories
(Infrastructure & Operations :: SSL Certificates, task)
Infrastructure & Operations
SSL Certificates
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: yousef, Unassigned)
Details
(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/5894])
Hey folks,
We'd like to redirect open.mozilla.org to our open innovation blog at https://medium.com/mozilla-open-innovation. A 302 redirect is preferred, just in case we want to use the domain for other stuff in the future.
Thanks!!
Comment 1•7 years ago
|
||
Hey Tristan,
Just wanted to clear this with Security before proceeding since its a mozilla.org redirect to an external domain (medium.com)
Thanks!
- Joey K
Flags: needinfo?(tweir)
Comment 2•7 years ago
|
||
Yousef, do you know
1. Who the owners/admins are for this medium account?
2. What access controls are in place?
My major concern with things like this is that we hang it on a mozilla.org, and then an unauthorized user posts spam, porn, etc., and then it looks like we got compromised, not a 3rd party.
With a 302, that's less of a problem, but it would be good to ensure that:
1. Only approved users can publish and only a few people can add approved users.
2. Authentication for approved users is strong (required password complexity, 2FA, if available)
Flags: needinfo?(tweir) → needinfo?(yousef)
Comment 3•7 years ago
|
||
Looks like this was done anyway, although its throwing a cert error since its not a wildcard cert. Yousef is on LOA so I'm NIing Henrik to see if any additional action is needed
Flags: needinfo?(hmitsch)
Comment 4•7 years ago
|
||
Hi Tristan,
thanks for looping me in.
To your questions:
1. Owners/Admins: The Medium Account mozilla-open-innovation belongs to the Mozilla Open Innovation Team.
2. Access controls: I will find that out and get back to you.
I agree with your concerns. Let me get more information and get back to you in a few days. I will keep the NI open.
Best regards,
Henrik
Flags: needinfo?(yousef)
Comment 5•7 years ago
|
||
Time out, closing.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•