#1
Security starts here!
Ok one thing I noticed with our logins is that they are not over a secured connection. It's just the standard http:// and not https://. I don't know if this belongs inside here or forum suggestions but it's a bit concerning to know our logins are sent in cleartext and not over a secured connection.
__________________
Codeinated
#2
Eh, moved to Suggestions.
Basically nobody uses https for forum logins. The Truecrypt forum does and one other security-only forum that I remember seeing, but that's all I've seen. I thought about bringing it up too, but, realistically, it's a cost the admins have to foot and the benefit is realistically minimal. You shouldn't be using the same password here as you do on important (i.e., financial) sites and if your password gets compromised, all the attacker has is access to your account. He can deface it, but even if he locks you out you can reset your password via e-mail and get back in to fix it as soon as you notice. And you don't (I hope) store personal information on the forums. It'd be nice, no question, but DS won't exactly break without it.
__________________
- "Cryptographically secure linear feedback shift register based stream ciphers" -- a phrase that'll get any party started. - Why know the ordinary when you can understand the extraordinary? - Sponsor my caffeine addiction! (36.70 USD received so far -- Latest donor: Mark Foxvog)
Last edited by B-Con : December 14th, 2007 at 03:06 AM.
#3
I guess it's something to ponder, and even with self-signed certificates for actual SSL/TLS, or challenge/response stuff for rudimentary protection would be better than plaintext logins being sent. Good idea...
__________________
~~ Peter ~~ ( My Blog: It's exactly like normal nerdiness, but completely different. ) :: ( Supporter of the EFF & FSF ) :: ( I'm a GNU/Linux addict and Free Software Advocate. ) :: ( How to Ask Questions the Smart Way ) :: ( The Fedora Project, sponsored by Red Hat ) :: ( GNOME: The Free Software Desktop Project ) :: ( GnuPG Public Key )
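Post #3 mentions challenge/response as rudimentary protection for a login sent over plain HTTP. The following is an added sketch, not code from the thread or the forum software, and its class and function names are hypothetical: a nonce-based HMAC exchange in which the password never crosses the wire and a captured response cannot be replayed. It does not protect the session that follows or stop an active man-in-the-middle, which is what TLS is for.

```python
import hashlib
import hmac
import secrets

def derive_key(password: str, salt: bytes) -> bytes:
    # Key derived from the password. The server stores this instead of the
    # password; note that it is password-equivalent for this protocol.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Server:
    def __init__(self):
        self.users = {}    # username -> (salt, derived key)
        self.pending = {}  # username -> outstanding nonce

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, derive_key(password, salt))

    def challenge(self, user: str):
        # A fresh random nonce per login attempt, sent with the user's salt.
        salt, _ = self.users[user]
        nonce = secrets.token_bytes(16)
        self.pending[user] = nonce
        return salt, nonce

    def verify(self, user: str, response: bytes) -> bool:
        # The nonce is single-use: pop it so a sniffed response cannot be replayed.
        nonce = self.pending.pop(user, None)
        if nonce is None or user not in self.users:
            return False
        _, key = self.users[user]
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def client_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    # Only this MAC over the nonce is transmitted, never the password.
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()

if __name__ == "__main__":
    srv = Server()
    srv.register("alice", "constructed-sample-password")  # constructed sample data
    salt, nonce = srv.challenge("alice")
    resp = client_response("constructed-sample-password", salt, nonce)
    print("first use accepted:", srv.verify("alice", resp))
    print("replay accepted:   ", srv.verify("alice", resp))
```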
#4
Encrypted wifi, man. You should already have that, being a computer geek. Because this doesn't matter too much.
__________________
A work in progress: Card Game Platform (Status: Hard Drive Crash deleted project, rewrite planned) | Joke Thread “Rational thinkers deplore the excesses of democracy; it abuses the individual and elevates the mob. The death of Socrates was its finest fruit.”
#5
Quote:
#6
Quote:
#7
TCPDUMP or WINDUMP will tell you all you need to know
__________________
--Ax without exception, there is no rule ... The great thing about Object Oriented code is that it can make small, simple problems look like large, complex ones 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 Some people, when confronted with a problem, think "I know, I'll use regular expressions." Now they have two problems. -- Jamie Zawinski Detavil - the devil is in the detail, allegedly, and I use the term advisedly, allegedly ... oh, no, wait I did ...
#8
Quote:
The thing is I log into a lot of public networks such as school or the public library.
#9
Truth is I'm not overly scared of someone logging into this account... not unless they know what other sites I frequent under what usernames, and even then, they'll only get half of the not really important ones.
I mean, if someone was to log into my account and change my info, I think I'm well known enough to get the account back with the help of some friendly staff... minor inconvenience at most. Though if it does get implemented I'd give kudos. So I guess in the end I'm neutral due to not caring too much.
#10
Quote:
Who are you exactly? On a more serious note, I think that if you are that concerned about the security of your information, you wouldn't be using a public network. Same concept goes for sex, if you are that worried about it, either abstain or use protection (like SSL).
__________________
"Java makes impossible things possible, but makes easy things difficult." - Somebody
Last edited by tagmanadvance : December 17th, 2007 at 03:55 AM.