On Thursday, 5 September 2019 at 08:09 -0400, Paul Frields wrote:
Off the top of my head...
On Thu, Sep 5, 2019 at 7:43 AM Michael Scherer <mscherer(a)redhat.com>
wrote:
> Hi,
>
> so as I said in the meeting earlier toda^w yesterday, we (or rather
> Jason) did copy the prod instance to a staging instance on
>
> https://fedoramagstg.wpengine.com/
>
> However, it seems we can't add a vhost for that instance, which is
> less
> than ideal, as I need now to change the name everywhere.
>
> So, while doing so, I also had a few questions:
>
> - as staging tends to be forgotten, would it be ok to password
> protect
> the website so it can be safely protected from worms until we need
> it ?
>
Yes.
> If so, where should it be stored, the goal being just to avoid
> automated scanning (so I was thinking some easy passwords in the doc,
> since the goal is just to prevent potential automated attacks) ?
>
Not sure what you mean here -- you mean put the passwords in a doc
somewhere?
Yup, I know that best practice is to encrypt etc, but there is an
administrative cost in doing so if there is no infra to store such
passwords safely, so I would just propose to add that in the public
documentation, and say "the staging instance is protected from
automated scanners with "foo"/"password"".
That's slightly less bad than having it directly exposed, but I am
not sure there is anything interesting in the first place. The posts
are public, there will be no web exposure (or any win in SEO or malware
distribution) after a compromise (due to password protection).
Worst case in case of compromise is that someone would just get a few
emails, and I am not sure they can't be already harvested somewhere
else in FAS anyway.
> - how up to date do we want it to be regarding posts, etc ?
> (I think we can't do a regular automated sync easily, so if that's
> needed, I will have to find some way to automate that)
>
Doesn't need to be sync'd all the time. If the current content is
needed we
can always ask.
> - do we want to have it plugged to the prod instance of FAS or the
> staging one ?
> (for now, that's the staging one)
Staging seems right to me.
Ok, we need to keep that in mind if we sync again, this will be
erased/forgotten.
I will take care of that next week.
--
Michael Scherer / He/Il/Er/Él
Sysadmin, Community Infrastructure