If you wish to attach one or more files enter the details below. You may also attach files by dragging and dropping them in the message box.
by orathaic » Wed May 01, 2019 6:50 pm
Polycarp_of_Smyrna wrote: ↑Thu Apr 25, 2019 12:48 pm Peregrine Falcon wrote: ↑Thu Apr 25, 2019 4:05 am webDip has a few redirecting issues. It's currently possible to access the site through five different urls and three different logins. I think the plan is to eventually route them all to either https://webdiplomacy.net or https://www.webdiplomacy.net. That is not necessarily secure. It is still susceptible to downgrade attacks (forcing https to unsecured http). If HSTS is implemented, compliant (essentially all) browsers will refuse to connect if a https connection is not established. Note that this has the potential drawback of no one being able to use the site if the certificate lapses until it is renewed.
Peregrine Falcon wrote: ↑Thu Apr 25, 2019 4:05 am webDip has a few redirecting issues. It's currently possible to access the site through five different urls and three different logins. I think the plan is to eventually route them all to either https://webdiplomacy.net or https://www.webdiplomacy.net.
by flash2015 » Thu Apr 25, 2019 1:32 pm
Chaqa wrote: ↑Thu Apr 25, 2019 11:34 am I always have an issue where links some people post log me out of the site. Is it related?
by Polycarp_of_Smyrna » Thu Apr 25, 2019 12:48 pm
by Chaqa » Thu Apr 25, 2019 11:34 am
by jmo1121109 » Thu Apr 25, 2019 4:18 am
by Peregrine Falcon » Thu Apr 25, 2019 4:05 am
by Polycarp_of_Smyrna » Thu Apr 25, 2019 2:42 am
flash2015 wrote: ↑Wed Apr 24, 2019 8:46 pm Polycarp_of_Smyrna wrote: ↑Wed Apr 24, 2019 6:45 pm BananaFang wrote: ↑Wed Apr 24, 2019 3:57 pm https://www.eff.org/https-everywhere ? I am not familiar with this program but it appears to be a plugin that the client uses. That means that only users who have the plugin installed will be protected. If the site implements HSTS, every user will be protected. It is a plugin that effectively does URL rewriting in the client to change http to the corresponding https URL where server side techniques to switch to https (like HSTS) are not supported. The http-https mappings are defined in a set of rules which are loaded by the client web browser. Both Firefox and Chrome are supported. It is free and open source and is intended for use by everyone that wants to be more secure on the web. EFF also has other plugins/tools to provide more security on the web like PrivacyBadger...which is a bit like Ghostery.
Polycarp_of_Smyrna wrote: ↑Wed Apr 24, 2019 6:45 pm BananaFang wrote: ↑Wed Apr 24, 2019 3:57 pm https://www.eff.org/https-everywhere ? I am not familiar with this program but it appears to be a plugin that the client uses. That means that only users who have the plugin installed will be protected. If the site implements HSTS, every user will be protected.
BananaFang wrote: ↑Wed Apr 24, 2019 3:57 pm https://www.eff.org/https-everywhere ?
by flash2015 » Wed Apr 24, 2019 8:46 pm
by Polycarp_of_Smyrna » Wed Apr 24, 2019 6:45 pm
by flash2015 » Wed Apr 24, 2019 5:31 pm
by BananaFang » Wed Apr 24, 2019 3:57 pm
by chluke » Wed Apr 24, 2019 3:30 pm
by Polycarp_of_Smyrna » Wed Apr 24, 2019 2:46 pm
Top