[sword-devel] Please support HTTPS repositories.

Greg Hellings greg.hellings at gmail.com
Sat Jan 15 22:44:40 EST 2022

On Sat, Jan 15, 2022, 21:24 Michael Johnson <Michael at ebible.org> wrote:

> I thank God for you all who volunteer to work on the Sword Project.
> I have been upgrading and refining my server layout for eBible.org and a
> dozen other Bible sites. Keeping FTP going is becoming harder all of the
> time. Indeed, HTTP (not S) is getting harder, too. HTTPS is the
> future-resistant protocol to access a Sword repository. I think this is not
> a problem for currently updated Sword front ends using current back ends.
> However, the ancient FTP protocol is a terrible protocol to rely on because
> by default, there is no security to it at all for authentication or content
> protection. It is easy to abuse. All major browsers have now stopped
> supporting it. HTTP without TLS is likewise lacking, but at least it is
> mostly supported by major browsers and libraries. Google and Apple are
> nudging everyone to use HTTPS instead of HTTP. Of course, mainland China
> often blocks HTTPS traffic, trying to force traffic into the clear where it
> is easier to spy on and modify. It is a strange political environment,
> indeed.

Any build using the libcurl interfaces should support HTTPS without any
modifications necessary, provided libcurl was compiled with SSL/TLS
support. But I owe Troy an overdue response to our conversation back in
November wherein I test that to be sure.

> THEREFORE, the eBible.org Sword repository at https://eBible.org/sword/
> is the preferred repository to use for the modules I maintain.
> I try to keep http://eBible.org/sword/ (not https) working, but it is
> getting hard to test that, as most modern browsers "help" me to a more
> secure connection.

You should be able to use CURL on the command line to check. I believe it
won't follow Location header redirects by default (if it does, then there
is a command line switch to disable it), so you should be able to check
easily in an automated fashion using that.

> Anonymous FTP does not work on the main eBible.org (no ftp.) server. It
> does work most of the time on a separate machine named ftp.eBible.org.
> That machine is running a software configuration with a known bug that I
> don't yet know how to work around that causes it to go down at seemingly
> random times, usually when I'm asleep or out of my office.

It is a shame that FTP has gotten such a bad rap. Yes, it's plaintext but
there ARE times when encryption is unnecessary and just a burden. This is
one of those times.


> Just FYI...
> --
> signature
> Aloha,
> */Michael Johnson/**
> 26 HIWALANI LOOP • MAKAWAO HI 96768-8747*• USA
> mljohnson.org <https://mljohnson.org/> • eBible.org <https://eBible.org>
> • WorldEnglish.Bible <https://WorldEnglish.Bible> • PNG.Bible <
> https://PNG.Bible>
> Signal/Telegram/WhatsApp/Telephone: +1 808-333-6921
> Skype: kahunapule • Telegram/Twitter: @kahunapule • Facebook:
> fb.me/kahunapule <https://www.facebook.com/kahunapule>
> _______________________________________________
> sword-devel mailing list: sword-devel at crosswire.org
> http://crosswire.org/mailman/listinfo/sword-devel
> Instructions to unsubscribe/change your settings at above page
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://crosswire.org/pipermail/sword-devel/attachments/20220115/f877f428/attachment.html>

More information about the sword-devel mailing list