Thursday, December 5, 2013

Coming soon: HTTPS-only on SUSE Studio

One of our biggest responsibilities with SUSE Studio, is to keep our user's data safe.

In order to better meet that responsibility, we're moving towards only allowing HTTPS, and dropping unencrypted HTTP connections.

The first phase involves the appliance builder, gallery, and API, where unencrypted HTTP will be switched off in January 2014.  This represents a significant increase in security on our API, which uses HTTP BASIC authentication, and covers most of Studio's surface area. Unencrypted requests will be redirected to https://susestudio.com, and from there, logins will only be accepted via HTTPS.

Testdrive will be transitioned to HTTPS at a later date, once we've completed some necessary backend improvements to allow end-to-end SSL from your browser to the appliance being testdriven.

In the meantime, we encourage you to use HTTPS whenever possible, for your own safety.


Update: Studio API is scheduled to be updated to HTTPS-only on Monday, February 3, 2014. Unencrypted HTTP requests will meet status code 301 Moved Permanently.

Update: SUSE Studio's appliance editor, gallery, and API are now HTTPS-only.  If you have any trouble with your session, clear your browser cookies & cache, and log back into https://susestudio.com .

Testdrives are still served via unencrypted http, for now.
 
© 2013 SUSE