Join us on Discord!
You can help CodeWalrus stay online by donating here.

Killing HTTP support on CodeWalrus (site would become HTTPS-only)

Started by Dream of Omnimaga, April 06, 2016, 11:49:19 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Should we kill HTTP access support on CW and make the site HTTPS-only for security?

Yes
18 (85.7%)
No
3 (14.3%)

Total Members Voted: 21

Dudeman313

Quote from: DJ Omnimaga on April 07, 2016, 07:04:58 PM
Also why is the site default page still showing up as rick.codewalr.us? ???
Maybe that's something for the Easter Egg thread. :D
  • Calculators owned: TI-84 PCE
  • Consoles, mobile devices and vintage computers owned: Android O Phone
Does this qualify as a signature? 
The answer is "Sure."


Dream of Omnimaga

Nah it was set like that until the August 9th data loss. But for whatever reasons, some of the site stuff still seems to direct there. At least, though, when someone types an invalid domain name it now redirects to the forums, not a pic of Rick Astley.
  • Calculators owned: TI-82 Advanced Edition Python TI-84+ TI-84+CSE TI-84+CE TI-84+CEP TI-86 TI-89T cfx-9940GT fx-7400G+ fx 1.0+ fx-9750G+ fx-9860G fx-CG10 HP 49g+ HP 39g+ HP 39gs (bricked) HP 39gII HP Prime G1 HP Prime G2 Sharp EL-9600C
  • Consoles, mobile devices and vintage computers owned: Huawei P30 Lite, Moto G 5G, Nintendo 64 (broken), Playstation, Wii U

Dudeman313

  • Calculators owned: TI-84 PCE
  • Consoles, mobile devices and vintage computers owned: Android O Phone
Does this qualify as a signature? 
The answer is "Sure."


Dream of Omnimaga

Not yet, and I think what will happen instead is that we'll make http automatically redirect or something like that.
  • Calculators owned: TI-82 Advanced Edition Python TI-84+ TI-84+CSE TI-84+CE TI-84+CEP TI-86 TI-89T cfx-9940GT fx-7400G+ fx 1.0+ fx-9750G+ fx-9860G fx-CG10 HP 49g+ HP 39g+ HP 39gs (bricked) HP 39gII HP Prime G1 HP Prime G2 Sharp EL-9600C
  • Consoles, mobile devices and vintage computers owned: Huawei P30 Lite, Moto G 5G, Nintendo 64 (broken), Playstation, Wii U

Yuki

Quote from: DJ Omnimaga on April 15, 2016, 05:59:02 AM
Not yet, and I think what will happen instead is that we'll make http automatically redirect or something like that.
That's actually the point, if we're gonna kill http, it does mean it's gonna redirect to https, or else the site is gonna be unusable.
  • Calculators owned: TI-83+ (dead?), Casio Prizm (also dead???)
  • Consoles, mobile devices and vintage computers owned: A lot
Read Zarmina!
YUKI-CHAAAANNNN
In the beginning there was walrii. In the end there will be walrii. All hail our supreme leader :walrii: --Snektron

if you wanna throw money at me and/or CodeWalrus monthly it's here

Dream of Omnimaga

Quote from: Juju on April 15, 2016, 01:48:18 PM
Quote from: DJ Omnimaga on April 15, 2016, 05:59:02 AM
Not yet, and I think what will happen instead is that we'll make http automatically redirect or something like that.
That's actually the point, if we're gonna kill http, it does mean it's gonna redirect to https, or else the site is gonna be unusable.
IIRC, disabling https was what Omni did last year though, right? The site didn't even work in that mode. That changed more recently, though.
  • Calculators owned: TI-82 Advanced Edition Python TI-84+ TI-84+CSE TI-84+CE TI-84+CEP TI-86 TI-89T cfx-9940GT fx-7400G+ fx 1.0+ fx-9750G+ fx-9860G fx-CG10 HP 49g+ HP 39g+ HP 39gs (bricked) HP 39gII HP Prime G1 HP Prime G2 Sharp EL-9600C
  • Consoles, mobile devices and vintage computers owned: Huawei P30 Lite, Moto G 5G, Nintendo 64 (broken), Playstation, Wii U

Dudeman313

When? 'Cause there used to be a time I could access the full Omnimaga site on my Nokia E63, thru Opera Mini, and even use IRC there, but since last month, all I got was a blank page.
  • Calculators owned: TI-84 PCE
  • Consoles, mobile devices and vintage computers owned: Android O Phone
Does this qualify as a signature? 
The answer is "Sure."


Dream of Omnimaga

Somewhere around October 2014 until earlier in 2016 or maybe before. I don't know if they changed anything afterwards or if it fixed itself, though. They rarely make any site updates public, unlike Cemetech, TI-Planet and CodeWalrus (which have site update threads such as this one)
  • Calculators owned: TI-82 Advanced Edition Python TI-84+ TI-84+CSE TI-84+CE TI-84+CEP TI-86 TI-89T cfx-9940GT fx-7400G+ fx 1.0+ fx-9750G+ fx-9860G fx-CG10 HP 49g+ HP 39g+ HP 39gs (bricked) HP 39gII HP Prime G1 HP Prime G2 Sharp EL-9600C
  • Consoles, mobile devices and vintage computers owned: Huawei P30 Lite, Moto G 5G, Nintendo 64 (broken), Playstation, Wii U

allynfolksjr

Very nice change! Thanks for taking our security seriously. :)

c4ooo

What is the problem of letting people use HTTP if they want to? There's security risk for the server if the users use HTTP, right?

DarkestEx

Quote from: c4ooo on April 30, 2016, 08:19:26 PM
What is the problem of letting people use HTTP if they want to? There's security risk for the server if the users use HTTP, right?
I totally agree. Leave HTTP support intact!
  • Calculators owned: TI-84+, Casio 101-S, RPN-Calc, Hewlett-Packard 100LX, Hewlett-Packard 95LX
  • Consoles, mobile devices and vintage computers owned: Original Commodore 64C, C64 DTV, Nintendo GameBoy Color, Nintendo GameCube, Xbox 360, PlayStation 2

c4ooo


Dream of Omnimaga

The problem is apparently when logging in with Sorunome's mod. Passwords are encrypted and stuff and using HTTP renders any form of encrypting useless. Personally I would not disable it entirely and tell users to use it at their own risk, but it depends.
  • Calculators owned: TI-82 Advanced Edition Python TI-84+ TI-84+CSE TI-84+CE TI-84+CEP TI-86 TI-89T cfx-9940GT fx-7400G+ fx 1.0+ fx-9750G+ fx-9860G fx-CG10 HP 49g+ HP 39g+ HP 39gs (bricked) HP 39gII HP Prime G1 HP Prime G2 Sharp EL-9600C
  • Consoles, mobile devices and vintage computers owned: Huawei P30 Lite, Moto G 5G, Nintendo 64 (broken), Playstation, Wii U

DarkestEx

Quote from: DJ Omnimaga on May 01, 2016, 03:02:45 AM
The problem is apparently when logging in with Sorunome's mod. Passwords are encrypted and stuff and using HTTP renders any form of encrypting useless. Personally I would not disable it entirely and tell users to use it at their own risk, but it depends.
I don't give af about my password being sent using http as long as compatibility is maintained. I am sure people use https themselves if they care enough. If they don't then they don't use it. I would rather suggest adding a warning when login in using http. Just a plain red box saying: "You are not using the HTTPS version of the site, so your credentials are sent in plain text. If you don't want that you can switch to the https version here [link]."
  • Calculators owned: TI-84+, Casio 101-S, RPN-Calc, Hewlett-Packard 100LX, Hewlett-Packard 95LX
  • Consoles, mobile devices and vintage computers owned: Original Commodore 64C, C64 DTV, Nintendo GameBoy Color, Nintendo GameCube, Xbox 360, PlayStation 2

Dream of Omnimaga

Yeah we could modify the warning that way. Also yeah this is why we made that poll.
  • Calculators owned: TI-82 Advanced Edition Python TI-84+ TI-84+CSE TI-84+CE TI-84+CEP TI-86 TI-89T cfx-9940GT fx-7400G+ fx 1.0+ fx-9750G+ fx-9860G fx-CG10 HP 49g+ HP 39g+ HP 39gs (bricked) HP 39gII HP Prime G1 HP Prime G2 Sharp EL-9600C
  • Consoles, mobile devices and vintage computers owned: Huawei P30 Lite, Moto G 5G, Nintendo 64 (broken), Playstation, Wii U

Powered by EzPortal