[gpodder-devel] secure gpodder.net

  • From: koeglstefan at gmail.com (Stefan Kögl)
  • Date: Mon, 10 Jan 2011 09:24:58 +0200

On Sun, Jan 9, 2011 at 4:14 PM, Bernd Schlapsi <brot at gmx.info> wrote:

> Would be nice to see some access/user statistics and some information
> about the server gpodder.net is running on at the moment.

gpodder.net is currently running on a virtual server from Host Europe
(see [1], unfortunately just in German)

Currently we have a bit more than 16,000 registered users. In December
2010 we've served a total of 7,520,856 requests (API and website)
which is about 2.8 requests per second on average. Additionally we
might have initiated about 5,000 outgoing requests per day for feed

>> Some time ago an Authentication API has been implemented (but no yet
>> documented). Once finished, we could use it so that at least the
>> authentication is done via https.
> This would be a step in the right direction, but wouldn't secure the
> service that much.
> A few month ago the Firefox extension Firesheep demonstrated that only a
> https connection could secure the Authentication and Session
> information.
> I'm aware that the information on gpodder.net isn't that sensitive, but
> I prefer to use https with cloud services.

I've added a very rough description of the current implementation in
[2]. You can do some testing against the production webservice if you
want to. If you do, please report any bugs you might encounter.

-- Stefan

[1] http://www.hosteurope.de/produkt/Virtual-Server-Linux-XL
[2] http://wiki.gpodder.org/wiki/Web_Services/API/Drafts

Other related posts: