Slitherine Forum should be HTTPS
Moderator: Slitherine Core
Slitherine Forum should be HTTPS
I thought it was industry practice now to have all sites (especially those you login to) to be HTTPS.
Anyone here that is using an open wifi (ie hotspots) can easily have their login credentials captured. Hopefully you are not using these same credentials for anything other than this forum.
If you think I'm offbase here, please post. I was surprised to see the "Not Secure" in the browser during authentication.
Anyone here that is using an open wifi (ie hotspots) can easily have their login credentials captured. Hopefully you are not using these same credentials for anything other than this forum.
If you think I'm offbase here, please post. I was surprised to see the "Not Secure" in the browser during authentication.
-
- Major-General - Tiger I
- Posts: 2328
- Joined: Tue Jul 10, 2018 1:18 pm
Re: Slitherine Forum should be HTTPS
Thanks for pointing this out. I think this is a very serious topic. phpbb is possible on https, isn't it?
Comprehensive Battlefield Europe AAR:
http://www.slitherine.com/forum/viewtopic.php?f=145&t=86481
http://www.slitherine.com/forum/viewtopic.php?f=145&t=86481
Re: Slitherine Forum should be HTTPS
The board could be converted to HTTPS...they already have a ssl cert for their store. Since it's the same URL I imagine it's just the process of updating the backend.
-
- Senior Corporal - Ju 87G
- Posts: 90
- Joined: Sat Jul 21, 2012 2:09 pm
Re: Slitherine Forum should be HTTPS
Yes please update the site
-
- Lance Corporal - Panzer IA
- Posts: 14
- Joined: Fri Jan 13, 2017 3:27 am
Re: Slitherine Forum should be HTTPS
It's sort of absurd in 2019 for the site to not be secured.
-
- Major-General - Tiger I
- Posts: 2328
- Joined: Tue Jul 10, 2018 1:18 pm
Re: Slitherine Forum should be HTTPS
Well, unfortunately it seems that nobody from Slitherine has responded to this thread yet?
Comprehensive Battlefield Europe AAR:
http://www.slitherine.com/forum/viewtopic.php?f=145&t=86481
http://www.slitherine.com/forum/viewtopic.php?f=145&t=86481
Re: Slitherine Forum should be HTTPS
payment part is everything else isn't and not an issue for most, unless your using wifi on a unknown connection and most browsers and O/S even then, it doesn't affect, seen it on the first post, but as it's not the first one on the same subject, same answer applies
-
- Major-General - Tiger I
- Posts: 2328
- Joined: Tue Jul 10, 2018 1:18 pm
Re: Slitherine Forum should be HTTPS
I see, thanks, so I guess there are no plans to migrate it then.
Comprehensive Battlefield Europe AAR:
http://www.slitherine.com/forum/viewtopic.php?f=145&t=86481
http://www.slitherine.com/forum/viewtopic.php?f=145&t=86481
Re: Slitherine Forum should be HTTPS
no idea tbh, office is back open tomorrow and will ask, but normally on web sites, it's not needed as long as the payment part is secure, which it is
-
- Lance Corporal - Panzer IA
- Posts: 14
- Joined: Fri Jan 13, 2017 3:27 am
Re: Slitherine Forum should be HTTPS
I'm not happy when I get a message that my credentials are being submitted on an in-secure log-in.
-
- Private First Class - Opel Blitz
- Posts: 2
- Joined: Fri Jul 26, 2019 2:47 am
Re: Slitherine Forum should be HTTPS
How is it?
-
- Corporal - 5 cm Pak 38
- Posts: 44
- Joined: Sun Jun 23, 2013 2:05 pm
Re: Slitherine Forum should be HTTPS
I'm sorry, but this IS AN ISSUE. It's a major security issue for every person using this site.
It's not a question of someone reading PM's or such. It's a question of someone gaining access to a member's password and their email address, and using those to gain access to other information of the user.
In this day and age, having to lecture a forum admin on data security is appalling. The information is freely available on the internet a thousand times over. There is no excuse for not protecting the information of your users.
-
- Colonel - Ju 88A
- Posts: 1590
- Joined: Sun Aug 08, 2010 6:06 pm
- Location: Plymouth, England
Re: Slitherine Forum should be HTTPS
I'm just a wargamer and know zilch about techy things, but if the problem manifests only with Wifi, can't it be solved if we plug our router directly into the PC instead of using Wifi?
-
- Corporal - 5 cm Pak 38
- Posts: 44
- Joined: Sun Jun 23, 2013 2:05 pm
Re: Slitherine Forum should be HTTPS
It's not just an issue with WiFi, but public WiFi is one of the easiest ways to snoop. But unencoded communications -- HTTP instead of HTTPS --- is like having a really crappy lock on your front door. Anyone who has a little know-how can break into your home and steal anything laying about. Using HTTPS is like putting a really good lock on your door.
And since you are using your house for discussion groups to meet and visitors have to leave a copy of their ID's in your desk, which they also have to show at the door, if someone can break in through the flimsy lock on the front door, everyone's data is in jeopardy.
And since you are using your house for discussion groups to meet and visitors have to leave a copy of their ID's in your desk, which they also have to show at the door, if someone can break in through the flimsy lock on the front door, everyone's data is in jeopardy.
-
- Site Admin
- Posts: 13558
- Joined: Fri Apr 01, 2005 10:19 am
Re: Slitherine Forum should be HTTPS
Our new website, releasing this week is https. It just wasn't practical to go back and do it before launching the new site.
-
- Site Admin
- Posts: 13558
- Joined: Fri Apr 01, 2005 10:19 am
Re: Slitherine Forum should be HTTPS
You should all see it as https now and a little lock / secure icon!
-
- Private First Class - Opel Blitz
- Posts: 2
- Joined: Wed Nov 20, 2019 8:36 pm
Re: Slitherine Forum should be HTTPS
Thanks for pointing this out. I think this is a very serious topic. phpbb is possible on https, isn't it?
Re: Slitherine Forum should be HTTPS
Mine is still showing not secure?
Visit us - 'THE WGCG' http://www.ww2wargamesclubforgentlemen.com/
-
- Sergeant - Panzer IIC
- Posts: 196
- Joined: Sat Apr 15, 2017 3:30 pm
Re: Slitherine Forum should be HTTPS
Yeah, me to
Re: Slitherine Forum should be HTTPS
It looks like the redirect links from Matrix (how I got here) are still pointing to the http site. So they didn't make SSL mandatory for the site, but it is still available. Manually add the https in front your address and you'll be in the secure site.