CotI Website Issues This is the place to let us know if you are having any problems or questions with the features available on the CotI website.

#11
July 22nd, 2020, 10:31 AM
whartung

Quote:
Originally Posted by tjoneslo
The second is that the certificate used to secure the "https" is out of date or not issued by a trusted issuer. There is a similar idea here about the feedback loop. There are a few free certificate issuers, but most cost $100+ per year to keep up-to-date, assuming your ISP allows the process to be automated.

Certificates also have a date range for which they are valid. It's routine, when developing with certificates, to make them have an "infinite" (i.e. 10 years+) shelf life -- one less thing to hassle with.

But modern browsers are now starting to flag those certificates that are more than a year old. The current pressure is that certificates should be renewed each year.

Let's Encrypt, a very popular free certificate provider, issues certificates that are valid for only 90 days, but also has procedures with example code and strongly encourages sites to auto renew.

Quote:
Sooner or later Firefox and/or chrome will start to refuse to connect to these http sites.

The browsers are kinder to sites with no certificate, than to sites with untrusted certificates. At least in Safari, you have to click through several dialogs and enter your password to enter a site with any kind of certificate problem.

This is a good thing.

But in the end, the browsers won't deny you access to an HTTP site.
Reply With Quote
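
The validity-window points in the post above (long-lived certificates, the one-year limit the post mentions, and 90-day certificates that depend on auto-renewal), as an added example that is not part of the original thread. The function names, the 398-day and 30-day thresholds, and the sample certificates are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

MAX_LIFETIME_DAYS = 398  # assumption: stands in for the "more than a year" limit
RENEW_BEFORE_DAYS = 30   # assumption: renew once fewer than 30 days remain

# Constructed sample certificates, in the dict shape ssl's getpeercert() returns.
TEN_YEAR = {"notBefore": "Jan  1 00:00:00 2015 GMT", "notAfter": "Jan  1 00:00:00 2025 GMT"}
NINETY_DAY_OLD = {"notBefore": "May 10 00:00:00 2020 GMT", "notAfter": "Aug  8 00:00:00 2020 GMT"}
NINETY_DAY_NEW = {"notBefore": "Jul  1 00:00:00 2020 GMT", "notAfter": "Sep 29 00:00:00 2020 GMT"}
LAPSED = {"notBefore": "Jan  1 00:00:00 2019 GMT", "notAfter": "Jan  1 00:00:00 2020 GMT"}


def _utc(cert_time):
    """Parse an X.509 time string such as 'Aug  8 00:00:00 2020 GMT'."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)


def audit_validity(cert, now):
    """Return findings about a certificate's validity window at `now` (aware UTC)."""
    not_before, not_after = _utc(cert["notBefore"]), _utc(cert["notAfter"])
    findings = []
    if now < not_before:
        findings.append("not-yet-valid")
    if now > not_after:
        findings.append("expired")
    elif (not_after - now).days < RENEW_BEFORE_DAYS:
        findings.append("renew-now")  # an auto-renew job should already have run
    if (not_after - not_before).days > MAX_LIFETIME_DAYS:
        findings.append("lifetime-too-long")
    return findings


def fetch_cert(host, port=443):
    """Fetch a live server certificate. The handshake itself raises on an
    expired or untrusted certificate, mirroring the browser warnings."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    now = datetime(2020, 7, 22, 12, 0, tzinfo=timezone.utc)
    for name, cert in [("ten-year", TEN_YEAR), ("90-day, old", NINETY_DAY_OLD),
                       ("90-day, new", NINETY_DAY_NEW), ("lapsed", LAPSED)]:
        print(f"{name:12} {audit_validity(cert, now) or ['ok']}")
```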
#12
July 22nd, 2020, 04:25 PM
timerover51

Quote:
Originally Posted by tjoneslo
There are two sources to this "not secure" warning.

The first is the "https" (secure http) everywhere initiative being driven by Mozilla (firefox) and Google (chrome). The idea is to achieve exactly what is being done here. The browsers complain to the users that their favorite site using "http" is "insecure", the users complain to the website owners, and the owners then fix the site to use https.

The second is that the certificate used to secure the "https" is out of date or not issued by a trusted issuer. There is a similar idea here about the feedback loop. There are a few free certificate issuers, but most cost $100+ per year to keep up-to-date, assuming your ISP allows the process to be automated.

CotI is of the first type; it still uses "http". This requires server side configuration to fix.

Sooner or later Firefox and/or chrome will start to refuse to connect to these http sites.

So basically, it is economic blackmail to force users to pay up.
#13
July 23rd, 2020, 10:22 AM
whartung

Quote:
Originally Posted by timerover51
So basically, it is economic blackmail to force users to pay up.

Save for that the browser makers don't benefit economically from promoting a more secure internet.

Apple, Mozilla, MS, even Google are not Certificate Authorities and don't sell certificates to the public.

They're promoting a more secure internet to protect consumers from parts of the real, dark, world that is the modern internet.

CotI is currently a Bad Citizen, and they should make the effort to move towards https.
#14
August 18th, 2020, 04:48 PM
Proneutron

The LACK of encrypted connection is only a problem if you are sending/receiving data you don't want someone else to see. If someone really wants to hack my user acct on here, go for it. There is no return on the time invested.
#15
August 19th, 2020, 10:23 AM
whartung

Quote:
Originally Posted by Proneutron
The LACK of encrypted connection is only a problem if you are sending/receiving data you don't want someone else to see. If someone really wants to hack my user acct on here, go for it. There is no return on the time invested.

Like your username and password, which some folks may reuse on other sites, because that's what humans do.

Clearly, the attack surface is low, it's a low traffic very niche site. But, it's not zero.
#16
August 20th, 2020, 10:31 AM
Proneutron

Quote:
Originally Posted by whartung
Like your username and password, which some folks may reuse on other sites, because that's what humans do.

Clearly, the attack surface is low, it's a low traffic very niche site. But, it's not zero.

Who said it was zero?
This website and its contents are copyright ©2010- Far Future Enterprises. All rights reserved. Traveller is a registered trademark of Far Future Enterprises .