General Security Issues

The following services of our project site require authentication for write-access:

•  Subversion
•  Trac

In order to get some write privileges to the Trac service, you may register yourself?.

WARNING: Those services will let you connect through an unencrypted HTTP channel. Whenever you want to authenticate non-anonymously, please ensure that you are actually connected through an encrypted channel.

SSL Issues

We host our project in a shared Subversion/Trac instance. We redirect our domain to the server which runs that instance, hence we cannot assign our own SSL certificate to our domain.

This means that when you will access our Subversion/Trac resources through HTTPS you will receive a security warning from your Subversion client, Web browser, or whatever software you may use. For example, in the Opera Web browser, that warning message will look like this:

The server's name "trac.wirexn.net" does not match the certificate's name "www.hosted-projects.com". Somebody may be trying to eavesdrop on you.

Really scary... ;-)

You should accept the connection in order to get an encrypted channel -- otherwise your credentials/session will travel in clear text!

These warnings can be really annoying... Some clients will let you accept the connection permanently, for example the Subversion client and Firefox 3.0.