[Login] Automatically use HTTPS on Login

Suggestions that have made it through the grind, and have become integrated into the site!

Moderators: Suggestions Team, Global Moderators

Re: Turn HTTP into HTTPS on login

Postby Mr_Adams on Thu Mar 03, 2011 1:14 pm

You should use that to hack into LackAttack's account and change his turtle picture. :lol:
I am voting Republican now. The Democrats left a bad taste in my mouth -Monica Lewinski
User avatar
Lieutenant Mr_Adams
 
Posts: 1932
Joined: Fri Jul 13, 2007 8:33 pm
Medals: 49
Standard Achievement (4) Doubles Achievement (2) Triples Achievement (1) Quadruples Achievement (2) Terminator Achievement (2)
Assassin Achievement (1) Manual Troops Achievement (2) Freestyle Achievement (4) Nuclear Spoils Achievement (1) Fog of War Achievement (4)
Speed Achievement (2) Teammate Achievement (1) Random Map Achievement (2) Cross-Map Achievement (3) Ratings Achievement (3)
Tournament Achievement (1) General Achievement (1) Clan Achievement (8) Tournament Contribution (5)

Re: Turn HTTP into HTTPS on login

Postby bedub1 on Thu Mar 03, 2011 1:16 pm

Mr_Adams wrote:You should use that to hack into LackAttack's account and change his turtle picture. :lol:

No. I'm not a hacker, I'm a security and network expert. I defend against hackers.
Colonel bedub1
 
Posts: 1005
Joined: Sun Dec 31, 2006 4:41 am
Medals: 10
Standard Achievement (2) Doubles Achievement (2) Triples Achievement (1) Freestyle Achievement (1) Teammate Achievement (1)
Cross-Map Achievement (1) Ratings Achievement (1) General Contribution (1)

Re: Turn HTTP into HTTPS on login

Postby Darwins_Bane on Thu Mar 03, 2011 1:53 pm

bedub1 wrote:For people that seem to know what they are talking about, I'm completely flabbergasted at why people are arguing with me. This is in fact the elephant in the room.

Image

Anybody want to guess what my password was? (I changed it specifically for this test).

Yes...that's right...my password was "securepassword".

I captured this using a program called Wireshark. It used to be called Ethereal. Firesheep is a little program that automates this to make it easier on would be hackers.

Passwords sent over HTTP are NOT secure.


I would like to see you do that with a computer that is not on the same router as the one where your password is being entered. That has to do with cookies if I'm right. If not, then I would agree that there needs to be a change. All I'm saying is you don't even need to convert to HTTPS to actually secure your password.
high score : 2294
02:59:29 ‹Khan22› wouldn't you love to have like 5 or 6 girls all giving you attention?
10/11/2010 02:59:39 ‹TheForgivenOne› No.
Corporal Darwins_Bane
 
Posts: 990
Joined: Tue Mar 04, 2008 7:09 pm
Location: Ottawa, Ontario
Medals: 33
Standard Achievement (3) Doubles Achievement (2) Triples Achievement (1) Quadruples Achievement (1) Terminator Achievement (1)
Assassin Achievement (3) Manual Troops Achievement (3) Freestyle Achievement (3) Nuclear Spoils Achievement (2) Fog of War Achievement (3)
Speed Achievement (3) Teammate Achievement (1) Cross-Map Achievement (1) Ratings Achievement (1) General Achievement (1)
General Contribution (4)

Re: Turn HTTP into HTTPS on login

Postby Metsfanmax on Thu Mar 03, 2011 1:55 pm

While I'm not impressed by bedub's attempt to hack his own account, I must admit the argument about connections at public hotspots is compelling.
User avatar
Sergeant 1st Class Metsfanmax
 
Posts: 4172
Joined: Wed Apr 11, 2007 11:01 pm
Location: NY
Medals: 43
Standard Achievement (3) Doubles Achievement (2) Triples Achievement (1) Quadruples Achievement (1) Terminator Achievement (1)
Assassin Achievement (1) Manual Troops Achievement (2) Freestyle Achievement (1) Nuclear Spoils Achievement (1) Fog of War Achievement (3)
Trench Warfare Achievement (1) Speed Achievement (3) Teammate Achievement (1) Random Map Achievement (1) Cross-Map Achievement (1)
Battle Royale Achievement (1) Ratings Achievement (2) Tournament Achievement (1) General Achievement (7) Clan Achievement (2)
General Contribution (7)

Re: Turn HTTP into HTTPS on login

Postby bedub1 on Thu Mar 03, 2011 2:02 pm

Darwins_Bane wrote:
bedub1 wrote:For people that seem to know what they are talking about, I'm completely flabbergasted at why people are arguing with me. This is in fact the elephant in the room.

Image

Anybody want to guess what my password was? (I changed it specifically for this test).

Yes...that's right...my password was "securepassword".

I captured this using a program called Wireshark. It used to be called Ethereal. Firesheep is a little program that automates this to make it easier on would be hackers.

Passwords sent over HTTP are NOT secure.


I would like to see you do that with a computer that is not on the same router as the one where your password is being entered. That has to do with cookies if I'm right. If not, then I would agree that there needs to be a change. All I'm saying is you don't even need to convert to HTTPS to actually secure your password.

It doesn't have to do with cookies. I ran a network packet stiffer to watch all packet flows.

You want me to hack a router on the path between me and CC? NO. (My tracert runs comcast.net all the way to texas before it hits rackspace's routers)
rackspace-bbr.dfw1.comcast.net [75.149.230.242] <--- Interesting...rackspace uses comcast?

You want me to find an unsecured wireless access point/public hotspot and watch all the traffic and snoop for passwords? NO.

I believe I've successfully proven my point. It's not even hard to deploy...given it's basically ALREADY SETUP. I'm not asking for the entire website to be redesigned in Flash or something. I've been using HTTPS for everything for some time now and I haven't seen any bugs. It's also plenty fast. I use clickable maps and it keeps up just fine.

Darwins_Bane wrote:My guess would be that on login, when you hit it, the password characters that you type in would immediately use the encryptpass function built in to php. This is a one way function, meaning, that once encrypted, it cannot be unencrypted. What happens is on your first login, the encrypted version of your password is stored in the database, and then every time you try to login, it just checks whether the encryted password is the same one as in the database. This means that, in transit, and at any point along the line, your password is encrypted.

That's a guess, and an interesting one, but just plain wrong.
Colonel bedub1
 
Posts: 1005
Joined: Sun Dec 31, 2006 4:41 am
Medals: 10
Standard Achievement (2) Doubles Achievement (2) Triples Achievement (1) Freestyle Achievement (1) Teammate Achievement (1)
Cross-Map Achievement (1) Ratings Achievement (1) General Contribution (1)

Re: Turn HTTP into HTTPS on login

Postby blakebowling on Thu Mar 03, 2011 5:17 pm

basic_man2010_20 wrote:but what you dont get is SHELLS allow you access to the cpanel wich in turn lets them into the database. acess to that database they could unbann people or give them free preemium for years on end bann people and all that other good stuff. even if its not in a cpanel then they can still upload a shell and get acess to the database.

I'll tell you what, send me a PM with my password in it, and I will stop criticizing your "SHELLS in files argument"

bedub1 wrote:
Darwins_Bane wrote:
bedub1 wrote:For people that seem to know what they are talking about, I'm completely flabbergasted at why people are arguing with me. This is in fact the elephant in the room.

Image

Anybody want to guess what my password was? (I changed it specifically for this test).

Yes...that's right...my password was "securepassword".

I captured this using a program called Wireshark. It used to be called Ethereal. Firesheep is a little program that automates this to make it easier on would be hackers.

Passwords sent over HTTP are NOT secure.


I would like to see you do that with a computer that is not on the same router as the one where your password is being entered. That has to do with cookies if I'm right. If not, then I would agree that there needs to be a change. All I'm saying is you don't even need to convert to HTTPS to actually secure your password.

It doesn't have to do with cookies. I ran a network packet stiffer to watch all packet flows.

You want me to hack a router on the path between me and CC? NO. (My tracert runs comcast.net all the way to texas before it hits rackspace's routers)
rackspace-bbr.dfw1.comcast.net [75.149.230.242] <--- Interesting...rackspace uses comcast?

You want me to find an unsecured wireless access point/public hotspot and watch all the traffic and snoop for passwords? NO.

I believe I've successfully proven my point. It's not even hard to deploy...given it's basically ALREADY SETUP. I'm not asking for the entire website to be redesigned in Flash or something. I've been using HTTPS for everything for some time now and I haven't seen any bugs. It's also plenty fast. I use clickable maps and it keeps up just fine.

Darwins_Bane wrote:My guess would be that on login, when you hit it, the password characters that you type in would immediately use the encryptpass function built in to php. This is a one way function, meaning, that once encrypted, it cannot be unencrypted. What happens is on your first login, the encrypted version of your password is stored in the database, and then every time you try to login, it just checks whether the encryted password is the same one as in the database. This means that, in transit, and at any point along the line, your password is encrypted.

That's a guess, and an interesting one, but just plain wrong.

bedub is right. Providing someone has raw access to your packets (which they have whenever they are on the same WIRELESS network as you, or if they re-route traffic across their machine, or a router they control) they are easily able to sniff through those packets and determine any and all information sent to the internet. However, other than aforementioned internet cafe's, and those with unsecured networks, who would ever be on the same wireless network with someone trying to intercept information from them.

Also, passwords are stored using a hash (because encryption is unrealistic and a PITA for server-side encrypting). Some hashes can be very secure, however, none are un-crackable. Hashes can't be reversed, but given enough time, and knowing the hash method used, the password, or other original input can be determined.

Encryption is on the same principal, being that it is used for security. However anything that is encrypted, can be decrypted. It is very easy if you have the encryption key (which, BTW, is sent over the network when the session is created), however it can still be done without the key, just not in a realistic time frame.

The only downside I see for forcing HTTPS is that some mobile carriers have problems with it on their smartphones. My point still remains that if you are smart, your chances of being hacked are virtually the same on HTTP as HTTPS.
12:39:59 AM rdsrds2120: sorry, I had a lot of lasagna tonight
12:40:06 AM rdsrds2120: I'm pretty out of it. CRAAZZYYY NIGHT
12:31:04 * Metsfanmax quit (kicked from Social by Metsfanmax - reason: haha gotcha now)
12:59:32 * #1_stunna gropes blakebowling
Private blakebowling
Administrator
Administrator
 
Posts: 5032
Joined: Wed Jan 23, 2008 12:09 pm
Location: 127.0.0.1
Medals: 41
Standard Achievement (3) Doubles Achievement (1) Triples Achievement (1) Quadruples Achievement (1) Terminator Achievement (1)
Assassin Achievement (2) Manual Troops Achievement (1) Freestyle Achievement (3) Fog of War Achievement (3) Speed Achievement (3)
Teammate Achievement (1) Random Map Achievement (1) Ratings Achievement (3) Tournament Achievement (1) General Achievement (3)
Tournament Contribution (3) General Contribution (10)

Re: Turn HTTP into HTTPS on login

Postby bedub1 on Thu Mar 03, 2011 5:43 pm

I can confirm tmobile and the android based Google nexus One works fine with HTTPS and conquerclub. I just successfully logged in via it.
Colonel bedub1
 
Posts: 1005
Joined: Sun Dec 31, 2006 4:41 am
Medals: 10
Standard Achievement (2) Doubles Achievement (2) Triples Achievement (1) Freestyle Achievement (1) Teammate Achievement (1)
Cross-Map Achievement (1) Ratings Achievement (1) General Contribution (1)

Re: Turn HTTP into HTTPS on login

Postby basic_man2010_20 on Thu Mar 03, 2011 7:58 pm

blakebowling wrote:
basic_man2010_20 wrote:but what you dont get is SHELLS allow you access to the cpanel wich in turn lets them into the database. acess to that database they could unbann people or give them free preemium for years on end bann people and all that other good stuff. even if its not in a cpanel then they can still upload a shell and get acess to the database.

I'll tell you what, send me a PM with my password in it, and I will stop criticizing your "SHELLS in files argument"


okay so you want me to do this i will try to get incontact with someone i know over in teh jiddle east thats a hacker and hacks mafia sites via shells. i will have him try shells and things for the site see how secure this site really is?
Cook basic_man2010_20
 
Posts: 469
Joined: Sun Sep 05, 2010 11:26 am
Medals: 28
Standard Achievement (2) Doubles Achievement (2) Triples Achievement (1) Quadruples Achievement (1) Terminator Achievement (2)
Assassin Achievement (1) Manual Troops Achievement (2) Freestyle Achievement (3) Fog of War Achievement (3) Speed Achievement (2)
Random Map Achievement (1) Cross-Map Achievement (1) Ratings Achievement (2) General Achievement (1) Tournament Contribution (4)

Re: Turn HTTP into HTTPS on login

Postby blakebowling on Thu Mar 03, 2011 8:12 pm

basic_man2010_20 wrote:
blakebowling wrote:
basic_man2010_20 wrote:but what you dont get is SHELLS allow you access to the cpanel wich in turn lets them into the database. acess to that database they could unbann people or give them free preemium for years on end bann people and all that other good stuff. even if its not in a cpanel then they can still upload a shell and get acess to the database.

I'll tell you what, send me a PM with my password in it, and I will stop criticizing your "SHELLS in files argument"


okay so you want me to do this i will try to get incontact with someone i know over in teh jiddle east thats a hacker and hacks mafia sites via shells. i will have him try shells and things for the site see how secure this site really is?

Yes, Yes I do. Send me my exact password in a private message. I'm calling your bluff.
12:39:59 AM rdsrds2120: sorry, I had a lot of lasagna tonight
12:40:06 AM rdsrds2120: I'm pretty out of it. CRAAZZYYY NIGHT
12:31:04 * Metsfanmax quit (kicked from Social by Metsfanmax - reason: haha gotcha now)
12:59:32 * #1_stunna gropes blakebowling
Private blakebowling
Administrator
Administrator
 
Posts: 5032
Joined: Wed Jan 23, 2008 12:09 pm
Location: 127.0.0.1
Medals: 41
Standard Achievement (3) Doubles Achievement (1) Triples Achievement (1) Quadruples Achievement (1) Terminator Achievement (1)
Assassin Achievement (2) Manual Troops Achievement (1) Freestyle Achievement (3) Fog of War Achievement (3) Speed Achievement (3)
Teammate Achievement (1) Random Map Achievement (1) Ratings Achievement (3) Tournament Achievement (1) General Achievement (3)
Tournament Contribution (3) General Contribution (10)

Re: Turn HTTP into HTTPS on login

Postby basic_man2010_20 on Thu Mar 03, 2011 8:14 pm

yes i have just hit a perosn up on msn and he will be on later to look around.
Cook basic_man2010_20
 
Posts: 469
Joined: Sun Sep 05, 2010 11:26 am
Medals: 28
Standard Achievement (2) Doubles Achievement (2) Triples Achievement (1) Quadruples Achievement (1) Terminator Achievement (2)
Assassin Achievement (1) Manual Troops Achievement (2) Freestyle Achievement (3) Fog of War Achievement (3) Speed Achievement (2)
Random Map Achievement (1) Cross-Map Achievement (1) Ratings Achievement (2) General Achievement (1) Tournament Contribution (4)

Re: Turn HTTP into HTTPS on login

Postby basic_man2010_20 on Thu Mar 03, 2011 8:14 pm

im w says
hey thanks for adding me. i have a quick question to ask you
Stephen says
alright
Tim w says
okay so ive been playing on an online risk game called conquerclub, there was a suggestion to make the entire site HTTP's instead of just http. i support that and i told them why, as without it shells and things can be uploaded and can get peoples usernames passwords and all that info. now one of teh moderaters/helpers for teh site told me to message him with his password and he will agree with me
so i was wondering would it be possable for you to get that info for me so that they will realize that it is in fact possable
Stephen says
Shell wouldnt be the cause of shells being uploaded to the site. HTTPS is just to secure your details more when purchasing stuff.
Shell would be uploaded probably because of bad coding etc. Is there anything in the game that allow uploads of files?
Tim w says
well i know that it allows for photobucket pics but it dont allow .swf.
Stephen says
Well then the game shoudl be fine from Shell Attacks unless there some scode that isnt filled / uploading.
ill have to sign up in a bit and check around.
Tim w says
okay well teh site is http://www.conquerclub.com
Cook basic_man2010_20
 
Posts: 469
Joined: Sun Sep 05, 2010 11:26 am
Medals: 28
Standard Achievement (2) Doubles Achievement (2) Triples Achievement (1) Quadruples Achievement (1) Terminator Achievement (2)
Assassin Achievement (1) Manual Troops Achievement (2) Freestyle Achievement (3) Fog of War Achievement (3) Speed Achievement (2)
Random Map Achievement (1) Cross-Map Achievement (1) Ratings Achievement (2) General Achievement (1) Tournament Contribution (4)

Re: Turn HTTP into HTTPS on login

Postby Woodruff on Thu Mar 03, 2011 9:11 pm

blakebowling wrote:Yes, Yes I do. Send me my exact password in a private message. I'm calling your bluff.


It's "ILovePeteWeber", isn't it?
...I prefer a man who will burn the flag and then wrap himself in the Constitution to a man who will burn the Constitution and then wrap himself in the flag.
User avatar
Corporal 1st Class Woodruff
 
Posts: 4973
Joined: Sat Jan 05, 2008 9:15 am
Medals: 27
Standard Achievement (4) Quadruples Achievement (1) Terminator Achievement (2) Manual Troops Achievement (1) Fog of War Achievement (3)
Speed Achievement (3) Teammate Achievement (1) Random Map Achievement (1) Cross-Map Achievement (3) Ratings Achievement (4)
Tournament Contribution (4)

Re: Turn HTTP into HTTPS on login

Postby Metsfanmax on Thu Mar 03, 2011 9:12 pm

basic_man2010_20 wrote:im w says
hey thanks for adding me. i have a quick question to ask you
Stephen says
alright
Tim w says
okay so ive been playing on an online risk game called conquerclub, there was a suggestion to make the entire site HTTP's instead of just http. i support that and i told them why, as without it shells and things can be uploaded and can get peoples usernames passwords and all that info. now one of teh moderaters/helpers for teh site told me to message him with his password and he will agree with me
so i was wondering would it be possable for you to get that info for me so that they will realize that it is in fact possable
Stephen says
Shell wouldnt be the cause of shells being uploaded to the site. HTTPS is just to secure your details more when purchasing stuff.
Shell would be uploaded probably because of bad coding etc. Is there anything in the game that allow uploads of files?
Tim w says
well i know that it allows for photobucket pics but it dont allow .swf.
Stephen says
Well then the game shoudl be fine from Shell Attacks unless there some scode that isnt filled / uploading.
ill have to sign up in a bit and check around.
Tim w says
okay well teh site is http://www.conquerclub.com


Lulz. Is this guy for real?
User avatar
Sergeant 1st Class Metsfanmax
 
Posts: 4172
Joined: Wed Apr 11, 2007 11:01 pm
Location: NY
Medals: 43
Standard Achievement (3) Doubles Achievement (2) Triples Achievement (1) Quadruples Achievement (1) Terminator Achievement (1)
Assassin Achievement (1) Manual Troops Achievement (2) Freestyle Achievement (1) Nuclear Spoils Achievement (1) Fog of War Achievement (3)
Trench Warfare Achievement (1) Speed Achievement (3) Teammate Achievement (1) Random Map Achievement (1) Cross-Map Achievement (1)
Battle Royale Achievement (1) Ratings Achievement (2) Tournament Achievement (1) General Achievement (7) Clan Achievement (2)
General Contribution (7)

Re: Turn HTTP into HTTPS on login

Postby QoH on Thu Mar 03, 2011 9:27 pm

He might be for real, but I doubt he's from "teh jiddle east"
Major QoH
 
Posts: 1835
Joined: Fri Aug 20, 2010 12:37 pm
Medals: 78
Standard Achievement (3) Doubles Achievement (3) Triples Achievement (2) Quadruples Achievement (3) Terminator Achievement (2)
Assassin Achievement (2) Manual Troops Achievement (3) Freestyle Achievement (3) Nuclear Spoils Achievement (3) Fog of War Achievement (4)
Trench Warfare Achievement (2) Speed Achievement (3) Teammate Achievement (2) Random Map Achievement (2) Cross-Map Achievement (3)
Battle Royale Achievement (1) Ratings Achievement (3) Tournament Achievement (9) General Achievement (7) Clan Achievement (10)
Training Achievement (1) Tournament Contribution (7)

Re: Turn HTTP into HTTPS on login

Postby blakebowling on Thu Mar 03, 2011 9:31 pm

Metsfanmax wrote:
basic_man2010_20 wrote:im w says
hey thanks for adding me. i have a quick question to ask you
Stephen says
alright
Tim w says
okay so ive been playing on an online risk game called conquerclub, there was a suggestion to make the entire site HTTP's instead of just http. i support that and i told them why, as without it shells and things can be uploaded and can get peoples usernames passwords and all that info. now one of teh moderaters/helpers for teh site told me to message him with his password and he will agree with me
so i was wondering would it be possable for you to get that info for me so that they will realize that it is in fact possable
Stephen says
Shell wouldnt be the cause of shells being uploaded to the site. HTTPS is just to secure your details more when purchasing stuff.
Shell would be uploaded probably because of bad coding etc. Is there anything in the game that allow uploads of files?
Tim w says
well i know that it allows for photobucket pics but it dont allow .swf.
Stephen says
Well then the game shoudl be fine from Shell Attacks unless there some scode that isnt filled / uploading.
ill have to sign up in a bit and check around.
Tim w says
okay well teh site is http://www.conquerclub.com


Lulz. Is this guy for real?

If he is I'm having the internet disconnected.
12:39:59 AM rdsrds2120: sorry, I had a lot of lasagna tonight
12:40:06 AM rdsrds2120: I'm pretty out of it. CRAAZZYYY NIGHT
12:31:04 * Metsfanmax quit (kicked from Social by Metsfanmax - reason: haha gotcha now)
12:59:32 * #1_stunna gropes blakebowling
Private blakebowling
Administrator
Administrator
 
Posts: 5032
Joined: Wed Jan 23, 2008 12:09 pm
Location: 127.0.0.1
Medals: 41
Standard Achievement (3) Doubles Achievement (1) Triples Achievement (1) Quadruples Achievement (1) Terminator Achievement (1)
Assassin Achievement (2) Manual Troops Achievement (1) Freestyle Achievement (3) Fog of War Achievement (3) Speed Achievement (3)
Teammate Achievement (1) Random Map Achievement (1) Ratings Achievement (3) Tournament Achievement (1) General Achievement (3)
Tournament Contribution (3) General Contribution (10)

Re: Turn HTTP into HTTPS on login

Postby basic_man2010_20 on Thu Mar 03, 2011 11:09 pm

im not 100% on where hes from but his names stephan he has a web server actualy. and yes hes for real
Cook basic_man2010_20
 
Posts: 469
Joined: Sun Sep 05, 2010 11:26 am
Medals: 28
Standard Achievement (2) Doubles Achievement (2) Triples Achievement (1) Quadruples Achievement (1) Terminator Achievement (2)
Assassin Achievement (1) Manual Troops Achievement (2) Freestyle Achievement (3) Fog of War Achievement (3) Speed Achievement (2)
Random Map Achievement (1) Cross-Map Achievement (1) Ratings Achievement (2) General Achievement (1) Tournament Contribution (4)

Re: Turn HTTP into HTTPS on login

Postby Metsfanmax on Fri Mar 04, 2011 12:41 am

basic_man2010_20 wrote:im not 100% on where hes from but his names stephan he has a web server actualy. and yes hes for real


I was asking if you are for real. You went on for like two pages about how shell scripts could be used to hack into the CPanel, and then contacted your hacker buddy and he said you were wrong. And you posted that for everyone to see.
User avatar
Sergeant 1st Class Metsfanmax
 
Posts: 4172
Joined: Wed Apr 11, 2007 11:01 pm
Location: NY
Medals: 43
Standard Achievement (3) Doubles Achievement (2) Triples Achievement (1) Quadruples Achievement (1) Terminator Achievement (1)
Assassin Achievement (1) Manual Troops Achievement (2) Freestyle Achievement (1) Nuclear Spoils Achievement (1) Fog of War Achievement (3)
Trench Warfare Achievement (1) Speed Achievement (3) Teammate Achievement (1) Random Map Achievement (1) Cross-Map Achievement (1)
Battle Royale Achievement (1) Ratings Achievement (2) Tournament Achievement (1) General Achievement (7) Clan Achievement (2)
General Contribution (7)

Re: Turn HTTP into HTTPS on login

Postby bedub1 on Fri Mar 04, 2011 1:10 am

Metsfanmax wrote:
basic_man2010_20 wrote:im not 100% on where hes from but his names stephan he has a web server actualy. and yes hes for real


I was asking if you are for real. You went on for like two pages about how shell scripts could be used to hack into the CPanel, and then contacted your hacker buddy and he said you were wrong. And you posted that for everyone to see.

Turtle Power! Heroes in a half shell!
Colonel bedub1
 
Posts: 1005
Joined: Sun Dec 31, 2006 4:41 am
Medals: 10
Standard Achievement (2) Doubles Achievement (2) Triples Achievement (1) Freestyle Achievement (1) Teammate Achievement (1)
Cross-Map Achievement (1) Ratings Achievement (1) General Contribution (1)

Re: Turn HTTP into HTTPS on login

Postby chipv on Fri Mar 04, 2011 2:56 am

Just seen this suggestion, great idea (for login).
User avatar
Colonel chipv
 
Posts: 2756
Joined: Mon Apr 28, 2008 5:30 pm
Medals: 44
Standard Achievement (2) Doubles Achievement (2) Triples Achievement (2) Quadruples Achievement (2) Terminator Achievement (2)
Manual Troops Achievement (1) Freestyle Achievement (1) Nuclear Spoils Achievement (2) Fog of War Achievement (2) Cross-Map Achievement (3)
Ratings Achievement (2) Tournament Achievement (5) General Achievement (2) Clan Achievement (5) Map Contribution (1)
General Contribution (10)

Re: Turn HTTP into HTTPS on login

Postby basic_man2010_20 on Fri Mar 04, 2011 7:50 am

no actually he said he would check around theres still ways to hack without shells if i am incorrect. as most ways are the .swf wich they dont allow.
Cook basic_man2010_20
 
Posts: 469
Joined: Sun Sep 05, 2010 11:26 am
Medals: 28
Standard Achievement (2) Doubles Achievement (2) Triples Achievement (1) Quadruples Achievement (1) Terminator Achievement (2)
Assassin Achievement (1) Manual Troops Achievement (2) Freestyle Achievement (3) Fog of War Achievement (3) Speed Achievement (2)
Random Map Achievement (1) Cross-Map Achievement (1) Ratings Achievement (2) General Achievement (1) Tournament Contribution (4)

Re: Turn HTTP into HTTPS on login

Postby Metsfanmax on Fri Mar 04, 2011 9:16 am

basic_man2010_20 wrote:no actually he said he would check around theres still ways to hack without shells if i am incorrect. as most ways are the .swf wich they dont allow.


Ok, but do you understand that the issue of hacking into the server and the issue of hacking into some random guy's personal router are totally different topics?
User avatar
Sergeant 1st Class Metsfanmax
 
Posts: 4172
Joined: Wed Apr 11, 2007 11:01 pm
Location: NY
Medals: 43
Standard Achievement (3) Doubles Achievement (2) Triples Achievement (1) Quadruples Achievement (1) Terminator Achievement (1)
Assassin Achievement (1) Manual Troops Achievement (2) Freestyle Achievement (1) Nuclear Spoils Achievement (1) Fog of War Achievement (3)
Trench Warfare Achievement (1) Speed Achievement (3) Teammate Achievement (1) Random Map Achievement (1) Cross-Map Achievement (1)
Battle Royale Achievement (1) Ratings Achievement (2) Tournament Achievement (1) General Achievement (7) Clan Achievement (2)
General Contribution (7)

Re: Turn HTTP into HTTPS on login

Postby bedub1 on Fri Mar 04, 2011 12:16 pm

http://blogs.villagevoice.com/runninsca ... hacked.php

I just want everybody to know I came up with this shit on my own..and didn't copy this stupid senator. Instead...the senator copied me. This just confirms what I've believed all along...that they've got a bug implanted in my brain.

Power to the sheepel! 8-[
Colonel bedub1
 
Posts: 1005
Joined: Sun Dec 31, 2006 4:41 am
Medals: 10
Standard Achievement (2) Doubles Achievement (2) Triples Achievement (1) Freestyle Achievement (1) Teammate Achievement (1)
Cross-Map Achievement (1) Ratings Achievement (1) General Contribution (1)

Re: Turn HTTP into HTTPS on login

Postby Ace Rimmer on Fri Mar 04, 2011 12:22 pm

I thought I posted here already, must have only been in live chat. I use HTTPS for everything on this site and have no issues with slowness/etc. It's a good idea and basic security to encrypt your login information, even if you don't encrypt anything else. It should be done.
User avatar
Captain Ace Rimmer
 
Posts: 1908
Joined: Mon Dec 01, 2008 1:22 pm
Medals: 72
Standard Achievement (3) Doubles Achievement (3) Triples Achievement (2) Quadruples Achievement (2) Terminator Achievement (1)
Assassin Achievement (1) Manual Troops Achievement (2) Freestyle Achievement (2) Nuclear Spoils Achievement (2) Fog of War Achievement (3)
Trench Warfare Achievement (1) Speed Achievement (2) Teammate Achievement (2) Random Map Achievement (2) Cross-Map Achievement (3)
Ratings Achievement (3) Tournament Achievement (10) General Achievement (7) Clan Achievement (9) Map Contribution (1)
Tournament Contribution (7) General Contribution (4)

Re: Turn HTTP into HTTPS on login

Postby bedub1 on Sun Mar 06, 2011 2:22 am

Thanks for your support everybody. So far it seems everybody supports this idea except the 2 suggestions moderators that have posted about it....
Colonel bedub1
 
Posts: 1005
Joined: Sun Dec 31, 2006 4:41 am
Medals: 10
Standard Achievement (2) Doubles Achievement (2) Triples Achievement (1) Freestyle Achievement (1) Teammate Achievement (1)
Cross-Map Achievement (1) Ratings Achievement (1) General Contribution (1)

Re: Turn HTTP into HTTPS on login

Postby blakebowling on Sun Mar 06, 2011 8:11 am

bedub1 wrote:Thanks for your support everybody. So far it seems everybody supports this idea except the 2 suggestions moderators that have posted about it....

I personally don't think it's necessary. But in the end it's about what the community as a whole thinks.

Stickied.
12:39:59 AM rdsrds2120: sorry, I had a lot of lasagna tonight
12:40:06 AM rdsrds2120: I'm pretty out of it. CRAAZZYYY NIGHT
12:31:04 * Metsfanmax quit (kicked from Social by Metsfanmax - reason: haha gotcha now)
12:59:32 * #1_stunna gropes blakebowling
Private blakebowling
Administrator
Administrator
 
Posts: 5032
Joined: Wed Jan 23, 2008 12:09 pm
Location: 127.0.0.1
Medals: 41
Standard Achievement (3) Doubles Achievement (1) Triples Achievement (1) Quadruples Achievement (1) Terminator Achievement (1)
Assassin Achievement (2) Manual Troops Achievement (1) Freestyle Achievement (3) Fog of War Achievement (3) Speed Achievement (3)
Teammate Achievement (1) Random Map Achievement (1) Ratings Achievement (3) Tournament Achievement (1) General Achievement (3)
Tournament Contribution (3) General Contribution (10)

PreviousNext

Return to Implemented Suggestions

Who is online

Users browsing this forum: No registered users

Login