http:// instead of https://

Chickenwire
Posts: 5
Joined: 23 Nov 2012, 05:09

http:// instead of https://

Post by Chickenwire »

is this website safe?
Chickenwire
Posts: 5
Joined: 23 Nov 2012, 05:09

Re: http:// instead of https://

Post by Chickenwire »

Posted this here because Par killed the other thread with his unexplained and really shitty gifs!
toxyn
Posts: 95
Joined: 03 Oct 2012, 19:29

Re: http:// instead of https://

Post by toxyn »

don't use the same password here that you use for eharmony

falcon
Posts: 249
Joined: 14 Nov 2012, 19:43

Re: http:// instead of https://

Post by falcon »

SSL for full domain costs like 60$.
Guess Mr. Cutard is willing to donate.
Cutard
Posts: 318
Joined: 05 Dec 2012, 18:47

Re: http:// instead of https://

Post by Cutard »

I realize the gross monthly salary in the Pakistani army is the equivalent to a 20 piece chicken mcnugget but I'm afraid guest has a valid point. Fortunately this game is pretty dead so the amount of visitors and damage will be minimal, not that anyone would give a shit if the likes of Falcon and Pogue got hacked.
punkUser
Posts: 1415
Joined: 16 Nov 2012, 23:13

Re: http:// instead of https://

Post by punkUser »

SSL (https) only encrypts the connection between you and the web server. I hope you're not under some sort of impression that the web server doesn't see your password in plain text, because it does... always...

More importantly though, you really have to enable persistent logins. It's ridiculous to have to relogin every time I come to the web site. What's the argument for not having this on in the first place?
toxyn
Posts: 95
Joined: 03 Oct 2012, 19:29

Re: http:// instead of https://

Post by toxyn »

Persistent logins have been enabled.
punkUser
Posts: 1415
Joined: 16 Nov 2012, 23:13

Re: http:// instead of https://

Post by punkUser »

I see the button but I'm still getting logged out when closing my browser... clearly some sort of cookie issue. I'm on stock Chrome, Win7 x64, no plugins.
toxyn
Posts: 95
Joined: 03 Oct 2012, 19:29

Re: http:// instead of https://

Post by toxyn »

I'm not sure what else can be done on my end. Can you double check your settings to be sure cookie/session data isn't cleared when you quit? I've reviewed cookie and session settings numerous times. I did some googling to try and find other people with similar issues and didn't find any solutions -- just other people reporting the same problem.
punkUser
Posts: 1415
Joined: 16 Nov 2012, 23:13

Re: http:// instead of https://

Post by punkUser »

Yeah I seem to only have the issue at work, so perhaps some network config thing could be affecting it there (although that's slightly odd). No issue on other phpbb forums, so not sure what's up, but thought I'd report it anyways. Not a huge deal since it seems to work fine at home.
toxyn
Posts: 95
Joined: 03 Oct 2012, 19:29

Re: http:// instead of https://

Post by toxyn »

If that's the case it sounds like I might actually have to tone down our session ip validation settings (https://www.phpbb.com/support/documenta ... r_security). Try to see if the same problem happens again at work. Is your home ip static?
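
Added example (not part of the thread and not phpBB's own code): a simplified Python model of the prefix-based session IP validation behind the setting toxyn mentions, showing why a login is dropped when a client's address changes between requests. The octet counts stand for the phpBB options All, A.B.C, A.B and None; the function names and sample addresses are constructed for illustration.

```python
# Added example: simplified model of prefix-based session IP validation (IPv4 only).
# Not phpBB's code; function names and sample addresses are constructed.

LEVELS = {4: "All", 3: "A.B.C", 2: "A.B", 0: "None"}  # octets compared -> label


def ip_prefix(ip: str, octets: int) -> str:
    """Return the first `octets` octets of a dotted-quad IPv4 address."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(
        p.isascii() and p.isdigit() and int(p) <= 255 for p in parts
    ):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(parts[:octets])


def session_still_valid(session_ip: str, request_ip: str, octets: int) -> bool:
    """True if a session created from session_ip is accepted from request_ip."""
    if octets == 0:  # validation disabled: any address may present the cookie
        return True
    return ip_prefix(session_ip, octets) == ip_prefix(request_ip, octets)


def strictest_surviving_level(session_ip: str, request_ips: list[str]) -> int:
    """Strictest level (most octets) at which every later request keeps the session."""
    for octets in (4, 3, 2, 0):
        if all(session_still_valid(session_ip, ip, octets) for ip in request_ips):
            return octets
    return 0


if __name__ == "__main__":
    # Constructed sample addresses.
    login_ip = "203.0.113.10"
    cases = {
        "proxy pool inside one A.B.C block": ["203.0.113.77", "203.0.113.200"],
        "ISP reassigns within A.B": ["203.0.44.9"],
        "different network entirely": ["198.51.100.5"],
    }
    for name, ips in cases.items():
        level = strictest_surviving_level(login_ip, ips)
        print(f"{name}: strictest setting that keeps the login = {LEVELS[level]}")
```

Each step down keeps more logins alive but also accepts a copied session cookie from a wider range of addresses, which matters on a site served over plain http://.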
punkUser
Posts: 1415
Joined: 16 Nov 2012, 23:13

Re: http:// instead of https://

Post by punkUser »

I'll give it a try tomorrow at work. My home IP isn't static either, but it's "more static". Definitely I also noticed today that it had logged me off again at home, so maybe that's it.
Dantski
Posts: 437
Joined: 15 Nov 2012, 16:35

Re: http:// instead of https://

Post by Dantski »

I'm using whatever the latest version of IE is with Windows 7. If I click in forums for persistent login, then when I come back to the site from the main page it shows me logged in as anonymous in the top right, when I click on forum it doesn't show me logged in.
falcon
Posts: 249
Joined: 14 Nov 2012, 19:43

Re: http:// instead of https://

Post by falcon »

Cutard wrote: I realize the gross monthly salary in the Pakistani army is the equivalent to a 20 piece chicken mcnugget but I'm afraid guest has a valid point. Fortunately this game is pretty dead so the amount of visitors and damage will be minimal, not that anyone would give a shit if the likes of Falcon and Pogue got hacked.
sup prom queen Cu.
liger
Posts: 26
Joined: 21 Nov 2012, 19:46

Re: http:// instead of https://

Post by liger »

the webserver sees the passwords as plain texts but administrators don't. the built in software prevents that which can be really annoying when having to manually reset pw's from the db..
punkUser
Posts: 1415
Joined: 16 Nov 2012, 23:13

Re: http:// instead of https://

Post by punkUser »

liger wrote: the webserver sees the passwords as plain texts but administrators don't. the built in software prevents that which can be really annoying when having to manually reset pw's from the db..
Sure, but anyone with access to the php code could trivially modify it to reveal plain text passwords. I'm just saying that HTTPS does nothing to "protect" you if you don't trust the web server/administrator.
Dantski
Posts: 437
Joined: 15 Nov 2012, 16:35

Re: http:// instead of https://

Post by Dantski »

To go on from my previous post...

If I have it set to remember me after logging in and then when I come back, I go directly to the forums without going to the main site first, then it keeps me logged in.
toxyn
Posts: 95
Joined: 03 Oct 2012, 19:29

Re: http:// instead of https://

Post by toxyn »

Thanks for the feedback, dantski. I've made a quick change to handling cookies on the main site. Try the same thing and let me know if you still get signed out.
Dantski
Posts: 437
Joined: 15 Nov 2012, 16:35

Re: http:// instead of https://

Post by Dantski »

Ok it shows me logged in as Dantski on entering both main site and forum now.

GJ Tox
toxyn
Posts: 95
Joined: 03 Oct 2012, 19:29

Re: http:// instead of https://

Post by toxyn »

Great, thanks. I found some things I want to change along the way. Still, hopefully this update will help a lot of the people having logout issues.
Dantski
Posts: 437
Joined: 15 Nov 2012, 16:35

Re: http:// instead of https://

Post by Dantski »

Actually scrap what I posted, navigated to main page and it showed me as anonymous and then it showed me logged out when I went to forum.
par73
Posts: 3033
Joined: 15 Nov 2012, 15:33

Re: http:// instead of https://

Post by par73 »

i smoked crack in a cab
stab u with the sharpest knife i could grab
come back a week later reopen your scab
toxyn
Posts: 95
Joined: 03 Oct 2012, 19:29

Re: http:// instead of https://

Post by toxyn »

Dantski wrote: Actually scrap what I posted, navigated to main page and it showed me as anonymous and then it showed me logged out when I went to forum.
Alright. Well, I'll have some new things to try over the weekend. Bear with me until then if you can, please.