No HTTPS?

Discussion in 'Tech Talk' started by FallenSoldier, May 2, 2017.

  1. FallenSoldier

    FallenSoldier Member

    Joined:
    Apr 4, 2013
    Messages:
    101
    Christian:
    Yes
    Just wondering why there is no HTTPS connection on here. Any logins can be seen in plaintext. I was able to get my login credentials quite easily with wireshark (on my local network). I normally run a VPN, but thats only encrypted up until the VPN server. Any wire tapping close to the CF.net hosting server would be able to have a field day with getting login credentials.
     
  2. Knotical

    Knotical Staff Member Moderator

    Joined:
    Sep 11, 2012
    Messages:
    5,145
    Location:
    Armpit of California
    Christian:
    Yes
    @Eora, Any word on this?

    This could just be another bug from the recent migration.

    Actually, I should be tagging Nick on this.
     
  3. WIP

    WIP Staff Member Administrator

    Joined:
    Dec 11, 2010
    Messages:
    7,587
    Location:
    Central Minnesota, USA
    Christian:
    Yes
    I think there are some remaining issues with regard to our security that still need to be worked out. I believe Nick is working on it.
     
  4. FallenSoldier

    FallenSoldier Member

    Joined:
    Apr 4, 2013
    Messages:
    101
    Christian:
    Yes
    Oops, didn't see this thread. Looks like Nick is in fact working on it. True, this site does not have any kind of sensitive data, but if someone was to get bored and grab admin account credentials and wreck havoc on the forums, it'd be a bit of a headache to fix the mess. As an example, I worked for a radio station once, and you'd think 'who in the world would hack a radio station?' Well believe it or not, it happens, which is why they wanted me to fix up their security. Forgive me if I sound pestering, I don't mean to. Just sharing my knowledge on the matter :)
     

Share This Page