login is not secure

Page 1 of 1

10 Replies - 1027 Views - Last Post: 31 May 2017 - 06:31 PM

#1 secureme  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 1
  • Joined: 10-March 17

login is not secure

Posted 10 March 2017 - 12:49 PM

Not the best place to post this but this account won't let me post in a more appropriate place, nor send email to mods. I noticed this morning that the forum login is not secure. Is this a new problem or have I just been completely oblivious up till now? (Set up new user because I didn't want to send my regular username/pw until fixed.)

r.stiltskin
Is This A Good Question/Topic? 0
  • +

Replies To: login is not secure

#2 modi123_1  Icon User is online

  • Suitor #2
  • member icon



Reputation: 13545
  • View blog
  • Posts: 54,057
  • Joined: 12-June 08

Re: login is not secure

Posted 10 March 2017 - 12:59 PM

I believe it's been a thing for a while, but honestly I haven't thought about it.
Was This Post Helpful? 0
  • +
  • -

#3 hexagod  Icon User is offline

  • D.I.C Head

Reputation: 5
  • View blog
  • Posts: 242
  • Joined: 29-October 16

Re: login is not secure

Posted 10 March 2017 - 05:21 PM

I'm not too worried about it though.. I don't think there's much info in my account on here that I cherish dearly... most of the account info is pub anyway. Just use a dif password than your banks and ur good?
Was This Post Helpful? 0
  • +
  • -

#4 xclite  Icon User is offline

  • I wrote you an code
  • member icon


Reputation: 1246
  • View blog
  • Posts: 4,040
  • Joined: 12-May 09

Re: login is not secure

Posted 10 March 2017 - 05:49 PM

I agree that I don't worry about it, but that's because I know to isolate credentials. That does not excuse us from running a site with an insecure login.
Was This Post Helpful? 0
  • +
  • -

#5 no2pencil  Icon User is online

  • Professor Snuggly Pants
  • member icon

Reputation: 6556
  • View blog
  • Posts: 30,697
  • Joined: 10-May 07

Re: login is not secure

Posted 10 March 2017 - 06:04 PM

Pretty sure that any time that it has been brought up, skyhawk133 has mentioned that it's being corrected in the next release.
Was This Post Helpful? 0
  • +
  • -

#6 xclite  Icon User is offline

  • I wrote you an code
  • member icon


Reputation: 1246
  • View blog
  • Posts: 4,040
  • Joined: 12-May 09

Re: login is not secure

Posted 10 March 2017 - 06:40 PM

The fabled upgrade ;)
Was This Post Helpful? 0
  • +
  • -

#7 r.stiltskin  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 2015
  • View blog
  • Posts: 5,409
  • Joined: 27-December 05

Re: login is not secure

Posted 11 March 2017 - 10:20 AM

Awkward... Not that I'm worried that I exposed anything valuable -- I have no sensitive info here and don't use this password anyplace important. I'm just shocked that I haven't noticed it sooner. My bad.
Was This Post Helpful? 0
  • +
  • -

#8 Martyr2  Icon User is offline

  • Programming Theoretician
  • member icon

Reputation: 5076
  • View blog
  • Posts: 13,700
  • Joined: 18-April 07

Re: login is not secure

Posted 30 May 2017 - 02:20 PM

I too hadn't noticed until yesterday. The login really should be SSL. Out of all the years this site has been going it could have been done.
Was This Post Helpful? 0
  • +
  • -

#9 skyhawk133  Icon User is offline

  • Head DIC Head
  • member icon

Reputation: 1949
  • View blog
  • Posts: 20,376
  • Joined: 17-March 01

Re: login is not secure

Posted 30 May 2017 - 07:48 PM

View PostMartyr2, on 30 May 2017 - 03:20 PM, said:

I too hadn't noticed until yesterday. The login really should be SSL. Out of all the years this site has been going it could have been done.


We're actually close to having the entire site on SSL.

The login is now available as of about a week and a half ago via HTTPS: https://www.dreaminc...l&section=login
Was This Post Helpful? 1
  • +
  • -

#10 Martyr2  Icon User is offline

  • Programming Theoretician
  • member icon

Reputation: 5076
  • View blog
  • Posts: 13,700
  • Joined: 18-April 07

Re: login is not secure

Posted 31 May 2017 - 12:28 PM

Good to hear from you again Skyhawk133. Some rumors were that you were dead, but I refused to believe them! ;)

Glad the SSL is coming along. Couldn't get a wildcard cert or something for *.dreamincode.net? Also the page has a ton of errors on it due to mixed content so you don't get the nice green lock. But good to know you are on the job.

:)
Was This Post Helpful? 0
  • +
  • -

#11 skyhawk133  Icon User is offline

  • Head DIC Head
  • member icon

Reputation: 1949
  • View blog
  • Posts: 20,376
  • Joined: 17-March 01

Re: login is not secure

Posted 31 May 2017 - 06:31 PM

View PostMartyr2, on 31 May 2017 - 01:28 PM, said:

Good to hear from you again Skyhawk133. Some rumors were that you were dead, but I refused to believe them! ;)/>

Glad the SSL is coming along. Couldn't get a wildcard cert or something for *.dreamincode.net? Also the page has a ton of errors on it due to mixed content so you don't get the nice green lock. But good to know you are on the job.
:)/>


Alive might be a stretch, but I'm still above ground at least.

We do have a wildcard cert, but there were/are a ton of hardcoded paths. I got the number down last week from over 300 calls on the page to less than 20 I think, now it's a matter of digging through old scripts and finding where they are still hard coded. I know a few should be pretty simple with a grep/replace.

We actually flipped the entire site to SSL for a few hours one day a week or two ago and it worked, but had a lot of stuff not load.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1