Alien Arena Official Forums
Web site certificate error. - Printable Version

+- Alien Arena Official Forums (http://red.planetarena.org/forum)
+-- Forum: Community (http://red.planetarena.org/forum/forumdisplay.php?fid=1)
+--- Forum: General Discussion (http://red.planetarena.org/forum/forumdisplay.php?fid=2)
+--- Thread: Web site certificate error. (/showthread.php?tid=2215)

Pages: 1 2


Web site certificate error. - xenos - 03-10-2017

Hi all, anyone else seeing this?


RE: Web site certificate error. - DeathRay - 03-10-2017

I think we need to update the forum software. I am a bit under the weather and have a crazy sched the next few weeks, maybe some one with FTP access could do it in the meantime.


RE: Web site certificate error. - berycz - 03-10-2017

that's gonna be your web browser cos the forum is not on https (SSL)


RE: Web site certificate error. - animal - 03-10-2017

Like Bery said. It;s just your browser notifying you about an unsecure connection that has a password. Every web service that uses passwords to connect should utilize https. Lotsa info can be found at https://letsencrypt.org/ and https://www.eff.org/encrypt-the-web


RE: Web site certificate error. - Manchev - 03-12-2017

So the reason of the message is because the forum is not secure ?


RE: Web site certificate error. - [SiN]bAnfire - 03-12-2017

Of course not, but we could improve and will do so
(03-12-2017, 01:18 PM)Manchev Wrote: So the reason of the message is because the forum is not secure ?



RE: Web site certificate error. - DeathRay - 03-12-2017

I'll take a look at all of this a bit later in the week or next. Many other priorities at the moment.


RE: Web site certificate error. - chessplayer - 03-12-2017

(03-12-2017, 03:21 PM)[SiN]bAnfire Wrote: Of course not, but we could improve and will do so
(03-12-2017, 01:18 PM)Manchev Wrote: So the reason of the message is because the forum is not secure ?
Denying that it's unsafe is simply misinformation, of course it isn't safe, the username and password are send in plain-text (you can see them by yourself by taking a look at the header info of the "members.php" file in the network tab of your browser's developer tools) and so can be seen by anyone who can listen to your network traffic.

But anyway, this is just a game forum and in general there's no sensitive data in the accounts (it has your email address but at least there's no bank account info, address and things like that).

I guess the most important is to never use here (or in any other site with not encrypted login) the same password that you use in important accounts, like e-mail, internet banking, and such things.


RE: Web site certificate error. - xenos - 03-12-2017

So really it's just that firefox has recently been changed to better notify about that situation.


RE: Web site certificate error. - berycz - 03-13-2017

(03-12-2017, 05:45 PM)chessplayer Wrote:
(03-12-2017, 03:21 PM)[SiN]bAnfire Wrote: Of course not, but we could improve and will do so
(03-12-2017, 01:18 PM)Manchev Wrote: So the reason of the message is because the forum is not secure ?

Denying that it's unsafe is simply misinformation, of course it isn't safe, the username and password are send in plain-text (you can see them by yourself by taking a look at the header info of the "members.php" file in the network tab of your browser's developer tools) and so can be seen by anyone who can listen to your network traffic.



But anyway, this is just a game forum and in general there's no sensitive data in the accounts (it has your email address but at least there's no bank account info, address and things like that).



I guess the most important is to never use here (or in any other site with not encrypted login) the same password that you use in important accounts, like e-mail, internet banking, and such things.
I'd like to add, since you can never be sure, how the website (or any other online account) store your password, or what it does with it, you should never use the same password twice!
'cos sometimes they store the passwords like plain text and anybody with access to the server can read it and believe me, there is a lot of websites/e-shops/apps which store the passwords that way, so every admin/programmer around the project/server can read it... sometimes they do that so they can send you your password, when you forget it, but still, it's just absolutely stupid Smile

Btw if you share your local network at home with anybody or you use somebody elses wifi or so, anybody in the network can easily see whatever you do online on websites without SSL, using Wireshark Wink So he can even see your passwords, when you log in, or anytime he can steal your session, so he can access the website with your account... So yep, it's not secure Smile

If I can recommend, don't share your wifi with anybody Smile secure it with password and allow just mac addresses of your HW (computer, phone, tablet, ...), it's still not 100% hack-proof, but at least something Smile
And don't ever use the default login/password of your modem/router!!! (usually admin/admin or root/root or something) change it to something strong