Why does TF not enable secure logins? - TennisForum.com
 2Likes
  • 2 Post By Steve
 
LinkBack Thread Tools
post #1 of 5 (permalink) Old Apr 19th, 2017, 01:26 AM Thread Starter
country flag pov
Senior Member
 
pov's Avatar
 
Join Date: Feb 2008
Posts: 35,934
                     
Why does TF not enable secure logins?

I'd think that after the hacking incident that would have been a given.

"These lifeforms feel such passionate hatreds over matters of custom, God concepts, even - strangely enough - economic systems." - Capt. J Piccard USS Enterprise

Darkness cannot drive out darkness; only light can do that. Hate cannot drive out hate; only love can do that. - Martin Luther King, Jr.
pov is offline  
Sponsored Links
Advertisement
 
post #2 of 5 (permalink) Old Apr 19th, 2017, 02:37 PM
Webmaster
 
Steve's Avatar
 
Join Date: Jul 2006
Posts: 1,891
                     
Re: Why does TF not enable secure logins?

Well the hack actually occurred through a 3rd party plugin that we use. The site itself was never compromised, but enough data was kept in that plugin to make the reset last June necessary.

The secure login warning that you get is referring to the fact the site doesn't use https, which is a different kind of protection, designed to stop someone who is trying to intercept what you are typing, as you type it (a MIM attack or "Man in the Middle"). Since everything you type here is going to a public forum, the site has zero eCommerce, and the functions that could cause real havoc (admin tools) have extra security on them, it's never been something that was felt entirely necessary for the site. It's not just a switch we could flip on, there are compatibility issues that would need to be ironed out.

However, it's been on the "wish list" for awhile, and now that browsers are following Google's lead and flagging sites that don't use https, it's been bumped up the priority list. It's going to be added here in the near future so we can keep our reputation as a safe site. I haven't been given an official ETA, but it should be in the next month or so.

Kevin
CrossCourt~Rally and pov like this.
Steve is offline  
post #3 of 5 (permalink) Old Apr 19th, 2017, 03:52 PM Thread Starter
country flag pov
Senior Member
 
pov's Avatar
 
Join Date: Feb 2008
Posts: 35,934
                     
Re: Why does TF not enable secure logins?

Quote:
Originally Posted by Steve View Post
The secure login warning that you get is referring to the fact the site doesn't use https, which is a different kind of protection, designed to stop someone who is trying to intercept what you are typing, as you type it (a MIM attack or "Man in the Middle").
Yes. But I don't see why there'd be comparability issues with enabling SSL login. It's only a two-step process.

Sure if the entire site was going to SSL-enabled it would be much more than "throwing a switch" but that wasn't what I was suggesting. Once login is complete, passwords have been transmitted and the cookies have been set, I don't see much need for SSL.

"These lifeforms feel such passionate hatreds over matters of custom, God concepts, even - strangely enough - economic systems." - Capt. J Piccard USS Enterprise

Darkness cannot drive out darkness; only light can do that. Hate cannot drive out hate; only love can do that. - Martin Luther King, Jr.
pov is offline  
 
post #4 of 5 (permalink) Old Apr 20th, 2017, 02:08 PM
Webmaster
 
Steve's Avatar
 
Join Date: Jul 2006
Posts: 1,891
                     
Re: Why does TF not enable secure logins?

Hey there

The entire site will be SSL enabled. The certificate covers a domain, not a code block. The login is found on every page that is available to Guests, so even if we could pick and choose what to cover, there are still many more pages that need the protection than not so it just makes sense to cover the entire site.

Dayle
Steve is offline  
post #5 of 5 (permalink) Old May 22nd, 2017, 08:49 PM
Senior Member
 
Exordes's Avatar
 
Join Date: Nov 2012
Posts: 27,540
                     
Re: Why does TF not enable secure logins?

Mozilla Firefox has also given recently this "insecure password warning" when I login in to this forum:
https://support.mozilla.org/en-US/kb...arning-firefox
Exordes is offline  
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the TennisForum.com forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in










Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page



Posting Rules  
You may not post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome