Opened 14 years ago

Last modified 6 years ago

#17 new enhancement

switch to *.scripts.mit.edu and disable scripts.mit.edu/~username

Reported by: andersk Owned by:
Priority: major Milestone:
Component: web Keywords:
Cc:

Description

(Imported from help.mit.edu #424130.)

geofft:

We've had *.scripts working since mid-October. We should start to publicize these URLs more aggressively, and announce an end-of-life date for the scripts/~ URLs sometime early spring term.

Change History (9)

comment:1 follow-up: Changed 14 years ago by price

  • Priority changed from minor to critical

Once we no longer support /~lockername URIs (except with a redirect to lockername.scripts/~lockername or something, to avoid breaking links), we'll have more freedom in building a nice web-based vhost-management system for users, which will take a steady load out of the RT queue and likely also increase the volume of users taking advantage of vhosts.

comment:2 Changed 14 years ago by price

Blocking on #47 and #48. Then we can make a good start on this task proper just by removing scripts/~ URIs from the scripts/web introduction.

comment:3 in reply to: ↑ 1 Changed 14 years ago by price

Once we no longer support /~lockername URIs (except with a redirect to lockername.scripts/~lockername or something, to avoid breaking links), we'll have more freedom in building a nice web-based vhost-management system for users, which will take a steady load out of the RT queue and likely also increase the volume of users taking advantage of vhosts.

IOW, in doing #3.

comment:4 Changed 10 years ago by adehnert

I believe that we now use locker.scripts.mit.edu exclusively in autoinstalls now. We should discuss a deprecation process for scripts.mit.edu/~locker.

comment:5 Changed 10 years ago by adehnert

  • Summary changed from switch to *.scripts.mit.edu to switch to *.scripts.mit.edu and disable scripts.mit.edu/~username

Anders claims that the only thing left is checking if any Wordpresses think they're at scripts.mit.edu/~username, and if so fixing them.

comment:6 follow-up: Changed 10 years ago by andersk

We can’t finish this transition for lockers that aren’t valid hostnames until we do #262. We could do it for the lockers that are, assuming there are no affected Wordpress installs.

comment:7 in reply to: ↑ 6 Changed 9 years ago by adehnert

Replying to andersk:

We can’t finish this transition for lockers that aren’t valid hostnames until we do #262. We could do it for the lockers that are, assuming there are no affected Wordpress installs.

#262 is really three underlying issues:

  • #106: I think I'm comfortable saying "your SSL usage gives a warning when you have a dot in your name, unless you grab mit6858.mit.edu and use that" (redirection of legacy URLs using HTTPS will produce a warning, but that's also okay, I think)
  • #171: it sounds like we only really care for initial or terminal underscores. New users are unlikely to realize the scripts/~username approach exists, and we only have one current user.
  • #176: entirely irrelevant to this issue

In summary, I think I'm personally okay with deciding I don't care about these issues.

comment:8 Changed 8 years ago by adehnert

We decided we were happy disabling scripts/~user, as follows:

  • we will log accesses (#391) and contact users who are using this feature, to tell them to stop
  • we will add a redirect from scripts/~user/ -> user.scripts/~user/
  • we will fix old wordpresses, using parallel-find and mysql DB munging (presumably only making changes for installs where scripts-security-upd has bits)

comment:9 Changed 6 years ago by adehnert

We should probably scan our documentation for uses of tilde URLs -- in particular, see #416.

Note: See TracTickets for help on using tickets.