
Thread: About HTTPS for sega-16.com/forum

  1. #1
    Hedgehog-in-Training Hedgehog-in-TrainingNameless One Pha's Avatar

    Hello,

    About HTTPS for sega-16.com/forum to reassure users, because currently passwords circulate in clear which is serious, is that planned?

  2. #2
    Raging in the Streets xelement5x's Avatar

    I agree this is a relevant issue that needs to be addressed. If Melf or someone needs assistance making the modifications please reach out.
    Quote Originally Posted by StarMist View Post
    A spine card is the hymen of a new game assuring its first owner that he is truly her one and only, and of a used game assuring its new owner that whilst she has been played with in the past that play has never been too careless or thorough.

  3. #3
    Comrade as in friend. Master of Shinobi ComradeOj's Avatar

    I second this! I've noticed for a while that sega-16 runs on HTTP not HTTPS. Passwords are sent hashed with MD5 when logging in as far as I know, but site-wide encryption is still the best way to go.

    This might be a good time to mention, since there is a lot of crossover between these sites, but spritesmind.net actually sends passwords completely unencrypted when logging in.
    Modded consoles:
    Master System (v7040) with s-video & direct AV out
    Model 1 with 10mhz overclock & halt switches
    Model 1 with 10mhz 68010
    Model 2 VA2.3 with unfiltered Mega Amp, & s-video
    Model 3 VA1 with compatibility fixes & s-video
    32X with s-video
    Visit my web site at www.mode5.net
    Or my collection of homebrew Genesis games, programs, and music on SEGA-16!

  4. #4
    Blast processor Melf's Avatar

    I've shown this thread to our webmaster, so he can determine what needs to be done (if anything).

  5. #5
    Raging in the Streets Sik's Avatar

    For what's worth it, the forum already loads with HTTPS Everywhere… just without the stylesheet. So the forum kind of works with HTTPS but some part doesn't.

    I'd say that more problematic than the password is MITM attacks. Stealing the password is bad but if it was unique to this forum there isn't much to be lost. An infected router that injects malware into plain HTTP pages? Way more problematic.

  6. #6
    Nonconformist Hedgehog-in-TrainingWCPO Agent EyeDeeNo76's Avatar

    "For what's worth it, the forum already loads with HTTPS Everywhere"

    Yeah it loads but if I want to see the forum as it should normally be presented or have full functionality when posting I have to disable it.
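
A page that loads over HTTPS but loses its stylesheet, as posts #5 and #6 describe, is commonly the result of mixed content: the HTTPS page still references sub-resources by `http://` URLs and the browser refuses to load the active ones. The scanner below is an added example, not part of the thread or of the forum's software; it assumes that cause, and the host `forum.example` and the sample markup are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class MixedContentScanner(HTMLParser):
    """Collect sub-resources an HTTPS page would still request over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute URL), in document order

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link":
            # Only stylesheet links count as active content; icons are skipped.
            rels = (a.get("rel") or "").lower().split()
            kind, ref = ("blocked" if "stylesheet" in rels else None), a.get("href")
        elif tag in ("script", "iframe"):
            kind, ref = "blocked", a.get("src")      # active content
        elif tag in ("img", "audio", "video"):
            kind, ref = "passive", a.get("src")      # warned about or upgraded
        elif tag == "form":
            kind, ref = "insecure-form", a.get("action")  # credentials leave in clear
        else:
            return
        if kind is None or not ref:
            return
        # Relative and protocol-relative references inherit the page's scheme.
        url = urljoin(self.page_url, ref)
        if urlparse(url).scheme == "http":
            self.findings.append((kind, tag, url))


def scan(page_url, html):
    if urlparse(page_url).scheme != "https":
        raise ValueError("mixed content only applies to pages loaded over https")
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page; forum.example is a placeholder host.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://forum.example/css/main.css">
<link rel="icon" href="http://forum.example/favicon.ico">
<script src="/js/app.js"></script><script src="//cdn.example/lib.js"></script>
</head><body><img src="http://forum.example/logo.png">
<form action="http://forum.example/login.php" method="post"></form></body></html>"""
```

Calling `scan("https://forum.example/forum/index.php", SAMPLE)` lists the stylesheet as blocked, the image as passive, and the login form as posting over plain HTTP.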

  7. #7
    Hedgehog-in-Training Hedgehog-in-TrainingNameless One Pha's Avatar

    We are almost in the year 2020 and the forum still does not natively support https encryption which affects the security of users and therefore the site...

    Can we know the reason for such paralysis ???
    Because KEGA Fusion is anything but absurd.

  8. #8
    Nonconformist Hedgehog-in-TrainingWCPO Agent EyeDeeNo76's Avatar

    CVE Details Vulnerability Vbulletin » Vbulletin » 4.2.3


    Edit: This is one of a short list of sites I need to disable protections for.

    Also like seeing this from Firefox "The information you have entered on this page will be sent over an insecure connection and could be read by a third party.

    Are you sure you want to send this information?"
    Last edited by EyeDeeNo76; 10-16-2019 at 12:21 PM.

  9. #9
    The Gentleman Thief Baloo's Avatar

    Agreed...we definitely need HTTPS for the forum.
    Quote Originally Posted by j_factor View Post
    The Sega Saturn was God's gift to humanity. This is inarguable fact!
    Quote Originally Posted by llj View Post
    Count me as someone who never liked the Turbo/Hyper Fighting iterations of Street Fighter 2. The speed ups always struck me as too "Benny Hill".


    Feedback Thread: http://www.sega-16.com/forum/showthr...ack&highlight=

  10. #10
    Hedgehog-in-Training Hedgehog-in-TrainingSports Talker

    https is the way to go..

  11. #11
    Blast processor Melf's Avatar

    Quote Originally Posted by Pha View Post
    We are almost in the year 2020 and the forum still does not natively support https encryption which affects the security of users and therefore the site...

    Can we know the reason for such paralysis ???
    Because the forum and site are on someone else's server and they have not done the upgrade. I don't know when or if they will, and I do not have the access or knowledge to do it myself. I'm looking at some options, but this site is paid for by ads and my own pocket, and migrating to a different server is expensive.

  12. #12
    Raging in the Streets Sik's Avatar

    If you ever decide to look at other hosts (may be worth looking at it long term?), Plutiedev is hosted in Kualo and they're pretty cheap for what they offer. Just note that you'll have to start Let's Encrypt from cPanel or you'll be stuck with a self-signed certificate (trivial step but easy to overlook). I don't know what your needs are but leaving it here, may want to check with support if you're unsure (they're pretty responsive from my experience).

    https://www.kualo.co.uk/

    EDIT: note, they have hosting in the US and the UK if that matters, don't get misled by the address I copied here :​v

  13. #13
    Master of Shinobi

    Quote Originally Posted by ComradeOj View Post
    This might be a good time to mention, since there is a lot of crossover between these sites, but spritesmind.net actually sends passwords completely unencrypted when logging in.
    Spritesmind runs phpbb, which is the most insecure forum software ever written.

  14. #14
    Raging in the Streets Sik's Avatar

    phpBB 3 is a lot more secure than 2 used to be at least.

    Note that SpritesMind does support HTTPS just fine… it's just that browsers will default to plain HTTP unless explicitly told otherwise (i.e. you have to manually add https:// or the browser won't use HTTPS). I guess Kaneda never got around to changing the server configuration to always redirect to the HTTPS version.
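
The gap described in post #14 (HTTPS available, but plain HTTP still served without a redirect) can be checked from the responses a site gives on each scheme. The function below is an added example, not part of the thread; it goes one step beyond the post by also checking for a Strict-Transport-Security header, which is what makes a browser stay on HTTPS after the first visit. The host `forum.example` and the response tuples in the test are constructed.

```python
from urllib.parse import urlparse


def parse_hsts_max_age(value):
    """Return max-age (seconds) from a Strict-Transport-Security value, or None."""
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name.strip().lower() == "max-age":
            arg = arg.strip().strip('"')
            return int(arg) if arg.isdigit() else None
    return None


def assess_https_enforcement(http_response, https_response):
    """Each argument is (status, headers) for a GET of the same path on that scheme.

    Returns a list of issue labels; an empty list means HTTP visitors are
    permanently redirected to HTTPS and HSTS is in effect.
    """
    issues = []
    status, headers = http_response
    headers = {k.lower(): v for k, v in headers.items()}
    location = urlparse(headers.get("location", ""))
    if status not in (301, 302, 307, 308):
        # The situation in the post: the page is simply served over HTTP.
        issues.append("http-served-without-redirect")
    elif location.scheme != "https":
        # A relative or http:// Location keeps the visitor on plain HTTP.
        issues.append("redirect-not-to-https")
    elif status in (302, 307):
        issues.append("redirect-is-temporary")

    _, secure_headers = https_response
    secure_headers = {k.lower(): v for k, v in secure_headers.items()}
    max_age = parse_hsts_max_age(secure_headers.get("strict-transport-security", ""))
    if not max_age:  # header missing, unparsable, or max-age=0 (which disables HSTS)
        issues.append("no-hsts")
    return issues
```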

  15. #15
    Hedgehog-in-Training Hedgehog-in-TrainingNameless One Pha's Avatar

    Quote Originally Posted by Pha View Post
    We are almost in the year 2020 and the forum still does not natively support https encryption which affects the security of users and therefore the site...

    Can we know the reason for such paralysis ???
    Quote Originally Posted by Melf View Post
    Because the forum and site are on someone else's server and they have not done the upgrade. I don't know when or if they will, and I do not have the access or knowledge to do it myself. I'm looking at some options, but this site is paid for by ads and my own pocket, and migrating to a different server is expensive.
    In short, you pay for a very expensive service with forced advertising when it is not up to the task of securing your site with https, it is very boring.

    Can we know how much your site costs you in US$ over a maximum of 1 year? And how many hours did you spend?

    Finally, what are the criteria you are looking for for a possible migration (geographical location, capacity, etc.)?

    With the passage on the forum, maybe having an idea of what you are looking for could help you...
    Because KEGA Fusion is anything but absurd.
