Slitherine Forum should be HTTPS

Moderator: Slitherine Core

Post Reply
Stu2bee
Private First Class - Wehrmacht Inf
Private First Class - Wehrmacht Inf
Posts: 8
Joined: Sun Nov 30, 2014 11:45 pm

Slitherine Forum should be HTTPS

Post by Stu2bee » Sat Apr 06, 2019 6:09 pm

I thought it was industry practice now to have all sites (especially those you login to) to be HTTPS.
Anyone here that is using an open wifi (ie hotspots) can easily have their login credentials captured. Hopefully you are not using these same credentials for anything other than this forum.
If you think I'm offbase here, please post. I was surprised to see the "Not Secure" in the browser during authentication.

PeteMitchell_2
Lieutenant Colonel - Panther D
Lieutenant Colonel - Panther D
Posts: 1219
Joined: Tue Jul 10, 2018 1:18 pm

Re: Slitherine Forum should be HTTPS

Post by PeteMitchell_2 » Sun Apr 07, 2019 11:44 am

Thanks for pointing this out. I think this is a very serious topic. phpbb is possible on https, isn't it?

Stu2bee
Private First Class - Wehrmacht Inf
Private First Class - Wehrmacht Inf
Posts: 8
Joined: Sun Nov 30, 2014 11:45 pm

Re: Slitherine Forum should be HTTPS

Post by Stu2bee » Tue Apr 09, 2019 4:47 pm

The board could be converted to HTTPS...they already have a ssl cert for their store. Since it's the same URL I imagine it's just the process of updating the backend.

mbpopolano24
Senior Corporal - Ju 87G
Senior Corporal - Ju 87G
Posts: 84
Joined: Sat Jul 21, 2012 2:09 pm

Re: Slitherine Forum should be HTTPS

Post by mbpopolano24 » Wed Apr 10, 2019 11:05 pm

Yes please update the site

krakoburger
Lance Corporal - Panzer IA
Lance Corporal - Panzer IA
Posts: 14
Joined: Fri Jan 13, 2017 3:27 am

Re: Slitherine Forum should be HTTPS

Post by krakoburger » Wed Apr 17, 2019 11:32 pm

It's sort of absurd in 2019 for the site to not be secured.

PeteMitchell_2
Lieutenant Colonel - Panther D
Lieutenant Colonel - Panther D
Posts: 1219
Joined: Tue Jul 10, 2018 1:18 pm

Re: Slitherine Forum should be HTTPS

Post by PeteMitchell_2 » Mon Apr 22, 2019 12:14 pm

Well, unfortunately it seems that nobody from Slitherine has responded to this thread yet?

zakblood
Most Active User 2017
Most Active User 2017
Posts: 15418
Joined: Thu Jun 12, 2014 6:44 pm

Re: Slitherine Forum should be HTTPS

Post by zakblood » Mon Apr 22, 2019 12:39 pm

payment part is everything else isn't and not an issue for most, unless your using wifi on a unknown connection and most browsers and O/S even then, it doesn't affect, seen it on the first post, but as it's not the first one on the same subject, same answer applies

PeteMitchell_2
Lieutenant Colonel - Panther D
Lieutenant Colonel - Panther D
Posts: 1219
Joined: Tue Jul 10, 2018 1:18 pm

Re: Slitherine Forum should be HTTPS

Post by PeteMitchell_2 » Mon Apr 22, 2019 12:46 pm

I see, thanks, so I guess there are no plans to migrate it then.

zakblood
Most Active User 2017
Most Active User 2017
Posts: 15418
Joined: Thu Jun 12, 2014 6:44 pm

Re: Slitherine Forum should be HTTPS

Post by zakblood » Mon Apr 22, 2019 12:49 pm

no idea tbh, office is back open tomorrow and will ask, but normally on web sites, it's not needed as long as the payment part is secure, which it is

krakoburger
Lance Corporal - Panzer IA
Lance Corporal - Panzer IA
Posts: 14
Joined: Fri Jan 13, 2017 3:27 am

Re: Slitherine Forum should be HTTPS

Post by krakoburger » Wed May 22, 2019 8:30 pm

I'm not happy when I get a message that my credentials are being submitted on an in-secure log-in.

Flexderection
Private First Class - Opel Blitz
Private First Class - Opel Blitz
Posts: 2
Joined: Fri Jul 26, 2019 2:47 am

Re: Slitherine Forum should be HTTPS

Post by Flexderection » Fri Jul 26, 2019 2:50 am

How is it?

Captain_Orso
Corporal - 5 cm Pak 38
Corporal - 5 cm Pak 38
Posts: 44
Joined: Sun Jun 23, 2013 2:05 pm

Re: Slitherine Forum should be HTTPS

Post by Captain_Orso » Wed Jul 31, 2019 11:31 am

zakblood wrote:
Mon Apr 22, 2019 12:49 pm
no idea tbh, office is back open tomorrow and will ask, but normally on web sites, it's not needed as long as the payment part is secure, which it is
I'm sorry, but this IS AN ISSUE. It's a major security issue for every person using this site.

It's not a question of someone reading PM's or such. It's a question of someone gaining access to a member's password and their email address, and using those to gain access to other information of the user.

In this day and age, having to lecture a forum admin on data security is appalling. The information is freely available on the internet a thousand times over. There is no excuse for not protecting the information of your users.

PoorOldSpike
Captain - Heavy Cruiser
Captain - Heavy Cruiser
Posts: 907
Joined: Sun Aug 08, 2010 6:06 pm
Location: Plymouth, England

Re: Slitherine Forum should be HTTPS

Post by PoorOldSpike » Wed Jul 31, 2019 1:57 pm

I'm just a wargamer and know zilch about techy things, but if the problem manifests only with Wifi, can't it be solved if we plug our router directly into the PC instead of using Wifi?

Captain_Orso
Corporal - 5 cm Pak 38
Corporal - 5 cm Pak 38
Posts: 44
Joined: Sun Jun 23, 2013 2:05 pm

Re: Slitherine Forum should be HTTPS

Post by Captain_Orso » Fri Aug 02, 2019 12:00 am

It's not just an issue with WiFi, but public WiFi is one of the easiest ways to snoop. But unencoded communications -- HTTP instead of HTTPS --- is like having a really crappy lock on your front door. Anyone who has a little know-how can break into your home and steal anything laying about. Using HTTPS is like putting a really good lock on your door.

And since you are using your house for discussion groups to meet and visitors have to leave a copy of their ID's in your desk, which they also have to show at the door, if someone can break in through the flimsy lock on the front door, everyone's data is in jeopardy.

IainMcNeil
Site Admin
Site Admin
Posts: 13503
Joined: Fri Apr 01, 2005 10:19 am

Re: Slitherine Forum should be HTTPS

Post by IainMcNeil » Mon Aug 12, 2019 8:34 am

Our new website, releasing this week is https. It just wasn't practical to go back and do it before launching the new site.

IainMcNeil
Site Admin
Site Admin
Posts: 13503
Joined: Fri Apr 01, 2005 10:19 am

Re: Slitherine Forum should be HTTPS

Post by IainMcNeil » Mon Aug 12, 2019 5:02 pm

You should all see it as https now and a little lock / secure icon!

Post Reply

Return to “General Discussion”