Slitherine Forum should be HTTPS

Moderator: Slitherine Core

Stu2bee
Private First Class - Wehrmacht Inf
Private First Class - Wehrmacht Inf
Posts: 8
Joined: Sun Nov 30, 2014 11:45 pm

Slitherine Forum should be HTTPS

Post by Stu2bee »

I thought it was industry practice now to have all sites (especially those you login to) to be HTTPS.
Anyone here that is using an open wifi (ie hotspots) can easily have their login credentials captured. Hopefully you are not using these same credentials for anything other than this forum.
If you think I'm offbase here, please post. I was surprised to see the "Not Secure" in the browser during authentication.
PeteMitchell
Major-General - Tiger I
Major-General - Tiger I
Posts: 2328
Joined: Tue Jul 10, 2018 1:18 pm

Re: Slitherine Forum should be HTTPS

Post by PeteMitchell »

Thanks for pointing this out. I think this is a very serious topic. phpbb is possible on https, isn't it?
Comprehensive Battlefield Europe AAR:
http://www.slitherine.com/forum/viewtopic.php?f=145&t=86481
Stu2bee
Private First Class - Wehrmacht Inf
Private First Class - Wehrmacht Inf
Posts: 8
Joined: Sun Nov 30, 2014 11:45 pm

Re: Slitherine Forum should be HTTPS

Post by Stu2bee »

The board could be converted to HTTPS...they already have a ssl cert for their store. Since it's the same URL I imagine it's just the process of updating the backend.
mbpopolano24
Senior Corporal - Ju 87G
Senior Corporal - Ju 87G
Posts: 90
Joined: Sat Jul 21, 2012 2:09 pm

Re: Slitherine Forum should be HTTPS

Post by mbpopolano24 »

Yes please update the site
krakoburger
Lance Corporal - Panzer IA
Lance Corporal - Panzer IA
Posts: 14
Joined: Fri Jan 13, 2017 3:27 am

Re: Slitherine Forum should be HTTPS

Post by krakoburger »

It's sort of absurd in 2019 for the site to not be secured.
PeteMitchell
Major-General - Tiger I
Major-General - Tiger I
Posts: 2328
Joined: Tue Jul 10, 2018 1:18 pm

Re: Slitherine Forum should be HTTPS

Post by PeteMitchell »

Well, unfortunately it seems that nobody from Slitherine has responded to this thread yet?
Comprehensive Battlefield Europe AAR:
http://www.slitherine.com/forum/viewtopic.php?f=145&t=86481
zakblood
Most Active User 2017
Most Active User 2017
Posts: 16496
Joined: Thu Jun 12, 2014 6:44 pm

Re: Slitherine Forum should be HTTPS

Post by zakblood »

payment part is everything else isn't and not an issue for most, unless your using wifi on a unknown connection and most browsers and O/S even then, it doesn't affect, seen it on the first post, but as it's not the first one on the same subject, same answer applies
PeteMitchell
Major-General - Tiger I
Major-General - Tiger I
Posts: 2328
Joined: Tue Jul 10, 2018 1:18 pm

Re: Slitherine Forum should be HTTPS

Post by PeteMitchell »

I see, thanks, so I guess there are no plans to migrate it then.
Comprehensive Battlefield Europe AAR:
http://www.slitherine.com/forum/viewtopic.php?f=145&t=86481
zakblood
Most Active User 2017
Most Active User 2017
Posts: 16496
Joined: Thu Jun 12, 2014 6:44 pm

Re: Slitherine Forum should be HTTPS

Post by zakblood »

no idea tbh, office is back open tomorrow and will ask, but normally on web sites, it's not needed as long as the payment part is secure, which it is
krakoburger
Lance Corporal - Panzer IA
Lance Corporal - Panzer IA
Posts: 14
Joined: Fri Jan 13, 2017 3:27 am

Re: Slitherine Forum should be HTTPS

Post by krakoburger »

I'm not happy when I get a message that my credentials are being submitted on an in-secure log-in.
Flexderection
Private First Class - Opel Blitz
Private First Class - Opel Blitz
Posts: 2
Joined: Fri Jul 26, 2019 2:47 am

Re: Slitherine Forum should be HTTPS

Post by Flexderection »

How is it?
Captain_Orso
Corporal - 5 cm Pak 38
Corporal - 5 cm Pak 38
Posts: 44
Joined: Sun Jun 23, 2013 2:05 pm

Re: Slitherine Forum should be HTTPS

Post by Captain_Orso »

zakblood wrote: Mon Apr 22, 2019 12:49 pm no idea tbh, office is back open tomorrow and will ask, but normally on web sites, it's not needed as long as the payment part is secure, which it is
I'm sorry, but this IS AN ISSUE. It's a major security issue for every person using this site.

It's not a question of someone reading PM's or such. It's a question of someone gaining access to a member's password and their email address, and using those to gain access to other information of the user.

In this day and age, having to lecture a forum admin on data security is appalling. The information is freely available on the internet a thousand times over. There is no excuse for not protecting the information of your users.
PoorOldSpike
Colonel - Ju 88A
Colonel - Ju 88A
Posts: 1589
Joined: Sun Aug 08, 2010 6:06 pm
Location: Plymouth, England

Re: Slitherine Forum should be HTTPS

Post by PoorOldSpike »

I'm just a wargamer and know zilch about techy things, but if the problem manifests only with Wifi, can't it be solved if we plug our router directly into the PC instead of using Wifi?
Captain_Orso
Corporal - 5 cm Pak 38
Corporal - 5 cm Pak 38
Posts: 44
Joined: Sun Jun 23, 2013 2:05 pm

Re: Slitherine Forum should be HTTPS

Post by Captain_Orso »

It's not just an issue with WiFi, but public WiFi is one of the easiest ways to snoop. But unencoded communications -- HTTP instead of HTTPS --- is like having a really crappy lock on your front door. Anyone who has a little know-how can break into your home and steal anything laying about. Using HTTPS is like putting a really good lock on your door.

And since you are using your house for discussion groups to meet and visitors have to leave a copy of their ID's in your desk, which they also have to show at the door, if someone can break in through the flimsy lock on the front door, everyone's data is in jeopardy.
IainMcNeil
Site Admin
Site Admin
Posts: 13558
Joined: Fri Apr 01, 2005 10:19 am

Re: Slitherine Forum should be HTTPS

Post by IainMcNeil »

Our new website, releasing this week is https. It just wasn't practical to go back and do it before launching the new site.
IainMcNeil
Site Admin
Site Admin
Posts: 13558
Joined: Fri Apr 01, 2005 10:19 am

Re: Slitherine Forum should be HTTPS

Post by IainMcNeil »

You should all see it as https now and a little lock / secure icon!
mejoikssss
Private First Class - Opel Blitz
Private First Class - Opel Blitz
Posts: 2
Joined: Wed Nov 20, 2019 8:36 pm

Re: Slitherine Forum should be HTTPS

Post by mejoikssss »

Thanks for pointing this out. I think this is a very serious topic. phpbb is possible on https, isn't it?
noissy
Corporal - 5 cm Pak 38
Corporal - 5 cm Pak 38
Posts: 49
Joined: Sat Dec 09, 2017 9:01 pm

Re: Slitherine Forum should be HTTPS

Post by noissy »

Mine is still showing not secure?
Untitled.png
Untitled.png (86.76 KiB) Viewed 6245 times
Visit us - 'THE WGCG' http://www.ww2wargamesclubforgentlemen.com/
Eagletanker
Sergeant - Panzer IIC
Sergeant - Panzer IIC
Posts: 196
Joined: Sat Apr 15, 2017 3:30 pm

Re: Slitherine Forum should be HTTPS

Post by Eagletanker »

Yeah, me to
findle70
Private First Class - Opel Blitz
Private First Class - Opel Blitz
Posts: 1
Joined: Mon Jul 20, 2015 1:34 am

Re: Slitherine Forum should be HTTPS

Post by findle70 »

It looks like the redirect links from Matrix (how I got here) are still pointing to the http site. So they didn't make SSL mandatory for the site, but it is still available. Manually add the https in front your address and you'll be in the secure site.
Post Reply

Return to “General Discussion”