Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

https in boards.ie

Options
  • 17-11-2014 3:59pm
    #1
    excavate
    Closed Accounts Posts: 5


    Hi,

    I think it is worth mentioning https is not working very well. For a start in chrome all the styles are missing and you have to continually click "Load unsafe script" to get the proper styling.

    All the major forums are starting to use https. Anyone can snoop a user's password and session when using http. It's just so not 2014 to still be on http by default in a forum.

    I would appreciate your thoughts on this?
    Post edited by Shield on


Comments

  • Options
    #2
    Spear
    Moderators, Computer Games Moderators, Technology & Internet Moderators, Help & Feedback Category Moderators Posts: 25,097 CMod ✭✭✭✭Spear


    Boards.ie isn't ready to be entirely used by HTTPS yet. So far only the important parts, login etc, are supported.


  • Options
    #3
    Boards.ie: Chris
    Closed Accounts Posts: 80 ✭✭Boards.ie: Chris


    Just to alleviate any concerns in this area, https works perfectly well on the site. The certificates are valid and checked regularly and we ensure we conform to the highest standards we can without affecting user experience. However we only officially support it's use for the login process, which prevents the issue of snooping passwords and session data, so the above concern is not one to worry about.

    The support of https site wide is already a longterm project for the site. In short, yes we want it, yes it will be done, but it's not easy and won't be done overnight.


  • Options
    #4
    Harold Finchs Machine
    Closed Accounts Posts: 76 ✭✭Harold Finchs Machine


    Lot of new boards staffers, whats going on atall atall??


  • Options
    #5
    Boards.ie: Niamh
    Boards.ie Employee Posts: 12,597 ✭✭✭✭✭Boards.ie: Niamh
    Boards.ie Community Manager


    Chris is not new at all, he has been working with Boards for quite some time but we neglected to give him an account until recently. I'm sure you will spot him around the place a bit more now.

    How can I? User's guide to some features on the new site



  • Options
    #6
    Gordon
    Registered Users Posts: 35,524 ✭✭✭✭Gordon


    Boards.ie: Chris wrote: »
    The support of https site wide is already a longterm project for the site. In short, yes we want it, yes it will be done, but it's not easy and won't be done overnight.
    Hopefully you're not going to do it in the daytime instead?

    Welcome, btw!


  • Advertisement
  • Options
    #7
    28064212
    Registered Users Posts: 10,493 ✭✭✭✭28064212


    Boards.ie: Chris wrote: »
    Just to alleviate any concerns in this area, https works perfectly well on the site. The certificates are valid and checked regularly and we ensure we conform to the highest standards we can without affecting user experience. However we only officially support it's use for the login process, which prevents the issue of snooping passwords and session data, so the above concern is not one to worry about.
    Does it? Session cookie is sent with every request. So if I grab someone's cookie data from a http request (trivial [EDIT: if they're on the same network]), add it to my browser (trivial), and go to boards.ie, will I prevented from being logged in as them?

    Boardsie Enhancement Suite - a browser extension to make using Boards on desktop a better experience (includes full-width display, keyboard shortcuts, dark mode, and more). Now available through your browser's extension store.

    Firefox: https://addons.mozilla.org/addon/boardsie-enhancement-suite/

    Chrome/Edge/Opera: https://chromewebstore.google.com/detail/boardsie-enhancement-suit/bbgnmnfagihoohjkofdnofcfmkpdmmce



  • Options
    #8
    seamus
    Registered Users Posts: 68,317 ✭✭✭✭seamus


    Seems as relevant a thread to ask - have you switched off SSL for HTTPS connections in light of the POODLE vulnerability?


  • Options
    #9
    Spear
    Moderators, Computer Games Moderators, Technology & Internet Moderators, Help & Feedback Category Moderators Posts: 25,097 CMod ✭✭✭✭Spear


    seamus wrote: »
    Seems as relevant a thread to ask - have you switched off SSL for HTTPS connections in light of the POODLE vulnerability?

    https://ssltools.thawte.com/checker/views/certCheck.jsp

    stick in boards.ie and let it work. It reports that the POODLE vulenerability doesn't work.


  • Options
    #10
    Boards.ie: Chris
    Closed Accounts Posts: 80 ✭✭Boards.ie: Chris


    seamus wrote: »
    Seems as relevant a thread to ask - have you switched off SSL for HTTPS connections in light of the POODLE vulnerability?
    Spear wrote: »
    https://ssltools.thawte.com/checker/views/certCheck.jsp

    stick in boards.ie and let it work. It reports that the POODLE vulenerability doesn't work.

    Yep, the configuration is regularly checked against the latest CVEs and hip buzzword vulnerabilities. We don't require it, but we'd easily pass PCI compliance testing if needed.


Advertisement