G oog le BadWeB | Login/out | Topics | Search | Custodians | Register | Edit Profile

Buell Forum » Quick Board » Archive through August 09, 2017 » BadWeB to be https secured for your protection (in work) « Previous Next »

Author Message
Top of pagePrevious messageNext messageBottom of page Link to this message

Blake
Posted on Sunday, July 23, 2017 - 07:49 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Thanks to our sysadmin Brian for securing our little corner on the web.
Top of pagePrevious messageNext messageBottom of page Link to this message

Greg_e
Posted on Sunday, July 23, 2017 - 08:01 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Not showing as secured, still same old http.
Top of pagePrevious messageNext messageBottom of page Link to this message

Froggy
Posted on Sunday, July 23, 2017 - 10:13 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Looks like it only works if you put the S after http, but the second you click a link it drops the https. Even pressing the post button drops it.
Top of pagePrevious messageNext messageBottom of page Link to this message

Pwnzor
Posted on Sunday, July 23, 2017 - 11:08 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Secured from what? Is somebody storing private data here?
Top of pagePrevious messageNext messageBottom of page Link to this message

Greg_e
Posted on Sunday, July 23, 2017 - 11:51 pm:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

In theory your password could get lifted, and any text you post could be intercepted. Google ranks you lower if you aren't encrypted. But the price many hosts rip you off to provide this is dumb. There is a free certificate site called let's encrypt that can be used for those that don't want to pay the hosting companies ransom.

https://letsencrypt.org/

But this old forum software probably won't do the redirects needed for this to work.
Top of pagePrevious messageNext messageBottom of page Link to this message

86129squids
Posted on Monday, July 24, 2017 - 12:22 am:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Top of pagePrevious messageNext messageBottom of page Link to this message

Blake
Posted on Monday, July 24, 2017 - 03:17 am:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Had some issues. Still working it out.
Top of pagePrevious messageNext messageBottom of page Link to this message

Pwnzor
Posted on Monday, July 24, 2017 - 06:46 am:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Thanks for the explanation, good luck with the process.

For my part, I don't use passwords on forums that are the same as anything important in my life such as financial institutions. It never ceases to amaze me that people will use the same password everywhere.

Top of pagePrevious messageNext messageBottom of page Link to this message

Hootowl
Posted on Monday, July 24, 2017 - 09:04 am:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

"Is somebody storing private data here?"

TLS protects data in motion, not at rest. Storage encryption is a different ball of wax.

Suggest setting up a redirect, so that traffic is switched from port 80 to 443 automagically.
Top of pagePrevious messageNext messageBottom of page Link to this message

Ltbuell
Posted on Monday, July 24, 2017 - 10:28 am:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

..aaahhh thanks,guys...made my mornin' with those two vids....use to watch Max Headroom all the time......and the Spaceballs funnies...well the whole movie's funny...can't go wrong with a Mel Brooks movie...again thanks started my week and Monday off great....LT
Top of pagePrevious messageNext messageBottom of page Link to this message

Froggy
Posted on Monday, July 24, 2017 - 10:55 am:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

Yea presently without HTTPS, Badweb sends your login and password in plain text over the internet, you can easily read it using any sniffing program. As Badweb doesn't collect credit cards or other personal information it isn't a huge issue, but you shouldn't use the same password on Badweb as you do elsewhere.
Top of pagePrevious messageNext messageBottom of page Link to this message

Ourdee
Posted on Monday, July 24, 2017 - 11:44 am:   Edit Post Delete Post View Post/Check IP Print Post    Move Post (Custodian/Admin Only) Ban Poster IP (Custodian/Admin only)

I just use a "p" for my password here. It is easiest to hit right by the "enter" when I'm posting.
« Previous Next »

Add Your Message Here
Post:
Bold text Italics Underline Create a hyperlink Insert a clipart image

Username: Posting Information:
This is a public posting area. Enter your username and password if you have an account. Otherwise, enter your full name as your username and leave the password blank. Your e-mail address is optional.
Password:
E-mail:
Options: Post as "Anonymous" (Valid reason required. Abusers will be exposed. If unsure, ask.)
Enable HTML code in message
Automatically activate URLs in message
Action:

Topics | Last Day | Tree View | Search | User List | Help/Instructions | Rules | Program Credits Administration