January 2006 Archives

Secured by thawte

| 1 Comment

If you connect to any sites with the blogs.princeton.edu domain via a secure (SSL) connection (ex. https://blogs.princeton.edu), you should see a lock icon in either the bottom status bar or the top title bar of your browser. If you click on that icon, you can now view the Thawte-verified certificate information for this site.

What this means is that we are now ready, upon request, to create LDAP password-protected blogs, requiring users to connect via a secure connection (https://). This way LDAP passwords won’t be sent over the network “in the clear” for users who visit those secured blogs, and those visitors will not have to click through any ominous “this is not a trusted site” dialogs.

thawte cert logo mockup

One caveat is that on-campus users who try to use the shortcut https://blogs/ to connect to https://blogs.princeton.edu/ will see a warning dialog that states that you have attempted to connect to blogs; however, the security certificate presented belongs to blogs.princeton.edu.

Clarification: The LDAP integration is only for password-protecting an individual weblog’s pages and/or associated files. It is done at the Apache server level and uses an “.htaccess” file that we can create upon request. Unfortunately, we do not yet have any way to use LDAP to manage netIDs and passwords for author log-ins to the Movable Type admin interface.

Thumbnail problem

Update 4/01: This entry is now moot with the successful installation of NetPBM.

On the new weblog server installation, we have had trouble getting the ImageMagick Perl module to compile and install.

Without ImageMagick, the Upload File dialog loses the functionality of auto-generating image thumbnails based on the dimensions the author specifies.

Instead, Movable Type generates code for a “View Image” text link that, when clicked, displays the uploaded image at its original size.

We are working to restore the thumbnail functionality, and I will post a message here as soon as we have successfully re-installed ImageMagick.

In the interim, one can manually achieve the previous functionality. This will require manipulating the image with a desktop image application, then using the Upload File function twice. The steps are outlined after the jump.