No more login over SSL?
Previously I was able to log in to https://[myaccount].airbrakeapp.com. Now, when I try to visit this URL, I am redirected to the http version. Since there are details of my production software in this account, I do not want to log in unless it is over a secure connection.
I also tried https://[myaccount].airbrakeio.com, which doesn't work due to an SSL host mismatch. Yesterday I was able to log in at the old https://[myaccount].hoptoadapp.com URL, but today that's giving me "504 Gateway Time-out" errors. (Getting 504 timeouts on the airbrake.io home page as well, AND I just noticed, in notifier API.)
Is there a problem that's causing me to be redirected to a non-https URL, or did you just drop SSL support for the web app?
Comments are currently closed for this discussion. You can start a new one.
Support Staff 2 Posted by Morgan on 27 Apr, 2012 06:50 PM
Hi Nick,
We have recently been changed a lot with AirBrake.
Sorry for the hassle!
We have fixed the SSL as posted on AirBrake's Status Page
However, we are currently fixing some 500 errors that have been occurring.
Please try loging in from airbrakebeta.io for the mean time.
Let me know if this didn't solve your problem!
Morgan
Morgan closed this discussion on 27 Apr, 2012 06:50 PM.
Morgan re-opened this discussion on 02 May, 2012 04:50 PM
Support Staff 3 Posted by Morgan on 02 May, 2012 04:58 PM
Hi Nick,
We are so sorry to cause you such a hassle!
Our regular url airbrake.io is now back to normal.
If you were using the airbrakebeta.io url to bypass the 500 error,
it is now safe to switch back.
Again sorry for the downtime, we are a small team doing our best.
Feel free to drop us a line if you have any other problems
or if you have any feature requests that you think AirBrake should include.
Thank you for all of your patience!
Morgan
Morgan closed this discussion on 02 May, 2012 04:58 PM.
Nick Pearson re-opened this discussion on 02 May, 2012 05:13 PM
4 Posted by Nick Pearson on 02 May, 2012 05:13 PM
Hi Morgan,
Thanks for the update. However, I still have to manually change the URL
from http:// to https:// in order to log in over a secure connection. Even
when I did that, after logging in I was redirected to an http:// URL.
Did Airbrake drop support for https access to the web app?
Nick
Support Staff 5 Posted by Morgan on 03 May, 2012 03:44 AM
Hi Nick,
Sorry for the delay in response.
We are still working out all the kinks over here,
Including a fix for the SSL problems that have been coming up.
I would try this again tomorrow as well to see if the problem is not fixed.
I will continue to keep you updated!
Morgan
6 Posted by Nick Pearson on 21 May, 2012 07:55 PM
Hi Morgan,
I'm just checking in on the status of SSL logins. I am able to get to
https://[username].airbrake.io, but when I inspect the login form, I see
that it is posting to an http:// URL (and so my password will be sent in
the clear).
How can I log in over https?
Thanks,
Nick
Support Staff 7 Posted by Morgan on 21 May, 2012 10:13 PM
Hi Nick,
Thanks for pointing this out.
Since our site has valid SSL certificates The probability of a Man In the Middle Attack pretty slim since our side has a Valid Certificate.
I have made a ticket for this issue with the development team anyway just in case.
They will review the situation and take action from there!
Thank you for your feedback!
Let me know if you need anything else!
From,
Morgan
Morgan closed this discussion on 21 May, 2012 10:13 PM.
Nick Pearson re-opened this discussion on 22 May, 2012 05:22 PM
8 Posted by Nick Pearson on 22 May, 2012 05:22 PM
Hi Morgan,
Thanks for checking on this. Please let me know as soon as you have a
response.
Also, it's not a man-in-the-middle attack that's worrisome - it's the fact
that data sent in the clear can be snooped by anyone else on an open
wireless network or by anyone between my computer and the Airbrake servers.
Nick
Support Staff 9 Posted by Morgan on 23 May, 2012 04:59 PM
Hi Nick,
We will email you once the post is switched to a url with https.
Again thank you for your keen eye!
From,
Morgan
Morgan closed this discussion on 23 May, 2012 04:59 PM.