Quantcast

Results 1 to 6 of 6

Thread: About HTTPS for sega-16.com/forum

  1. #1
    Hedgehog-in-Training Hedgehog-in-TrainingNameless One Pha's Avatar
    Join Date
    Mar 2017
    Posts
    66
    Rep Power
    4

    Default About HTTPS for sega-16.com/forum

    Hello,

    About HTTPS for sega-16.com/forum fo reassure users, because currently passwords circulate in clear which is serious, is that planned ?

  2. #2
    Raging in the Streets xelement5x's Avatar
    Join Date
    Feb 2011
    Location
    Southwest USA
    Age
    39
    Posts
    4,274
    Rep Power
    69

    Default

    I agree this is a relevant issue that needs to be addressed. If Melf or someone needs assistance making the modifications please reach out.
    Quote Originally Posted by StarMist View Post
    A spine card is the hymen of a new game assuring its first owner that he is truly her one and only, and of a used game assuring its new owner that whilst she has been played with in the past that play has never been too careless or thorough.

  3. #3
    Comrade as in friend. Master of Shinobi ComradeOj's Avatar
    Join Date
    Dec 2012
    Location
    New Mexico, USA
    Age
    24
    Posts
    1,333
    Rep Power
    56

    Default

    I second this! I've noticed for a while that sega-16 runs on HTTP not HTTPS. Passwords are sent hashed with MD5 when logging in as far as I know, but site-wide encryption is still the best way to go.

    This might be a good time to mention, since there is a lot of crossover between these sites, but spritesmind.net actually sends passwords completely unencrypted when logging in.
    Modded consoles:
    Master System (v7040) with s-video & direct AV out
    Model 1 with 10mhz overclock & halt switches
    Model 1 with 10mhz 68010
    Model 2 VA2.3 with unfiltered Mega Amp, & s-video
    Model 3 VA1 with compatibility fixes & s-video
    32X with s-video
    Visit my web site at www.mode5.net
    Or my collection of homebrew Genesis games, programs, and music on SEGA-16!

  4. #4
    Blast processor Melf's Avatar
    Join Date
    Jun 2005
    Location
    Cabo Rojo, PR
    Posts
    9,480
    Rep Power
    130

    Default

    I've shown this thread to our webmaster, so he can determine what needs to be done (if anything).

  5. #5
    Raging in the Streets Sik's Avatar
    Join Date
    Jan 2011
    Posts
    3,353
    Rep Power
    63

    Default

    For what's worth it, the forum already loads with HTTPS Everywhere… just without the stylesheet. So the forum kind of works with HTTPS but some part doesn't.

    I'd say that more problematic than the password is MITM attacks. Stealing the password is bad but if it was unique to this forum there isn't much to be lost. An infected router that injects malware into plain HTTP pages? Way more problematic.

  6. #6
    Nonconformist Hedgehog-in-TrainingWCPO Agent EyeDeeNo76's Avatar
    Join Date
    Dec 2015
    Location
    97km north of New York City
    Age
    42
    Posts
    880
    Rep Power
    24

    Default

    "For what's worth it, the forum already loads with HTTPS Everywhere"

    Yeah it loads but if I want to see the forum as it should normally be presented or have full functionality when posting I have to disable it.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •