The officially official Devuan Forum!

You are not logged in.

#1 2024-01-17 03:02:47

Nietz
Member
Registered: 2023-12-16
Posts: 13  

Forum Login Security

Do any other users have concerns about logging in through an insecure portal?

  I have not yet asked:  should our forum login page be over a secure connection?

  Thank you for your thoughts

Offline

#2 2024-01-17 05:57:13

quickfur
Member
Registered: 2023-12-14
Posts: 308  

Re: Forum Login Security

What's insecure about the current login page?

Offline

#3 2024-01-17 06:53:36

pcalvert
Member
Registered: 2017-05-15
Posts: 199  

Re: Forum Login Security

Recently, the login page link for the forum was not secure (http instead of https). I don't remember how long it was like that. Whenever I encountered this, I would copy the link, paste it into a text editor, change it from http to https, and then log in using the corrected link.

However, I have not seen this behavior lately. Maybe it only happens under certain conditions. If it happens again I will report it here.


Freespoke is a new search engine that respects user privacy and does not engage in censorship.
Another one is called Luxxle.

Offline

#4 2024-01-17 10:45:53

steve_v
Member
Registered: 2018-01-11
Posts: 366  

Re: Forum Login Security

Nietz wrote:

Do any other users have concerns about logging in through an insecure portal?

No. I don't reuse passwords, the probability of somebody running a MITM attack on my login to a random forum is miniscule, and even if they did and managed to impersonate me here, who the hell would care?

Nietz wrote:

should our forum login page be over a secure connection?

It is. If you do somehow get redirected to the login form over HTTP (which I haven't seen myself), that's easy to prevent on the browser end with the likes of the HTTPS-everywhere extension.

This ubiquitous bleating about HTTPS with complete disregard for attack surface, user responsibility and basic password hygiene, or even relevance is quite tiring.
Security is a process, not "if [[ ${URL bar} =~ "padlock icon"  ]]; then sleep; else panic; fi".

Last edited by steve_v (2024-01-17 10:52:44)


Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.

Online

#5 2024-01-17 12:57:56

stopAI
Member
Registered: 2023-04-04
Posts: 147  

Re: Forum Login Security

Hello.

No. Current login page is secure. It is using https protocol. Here proof

2024-01-17-14-01-1705495965.jpg

Offline

#6 2024-01-17 16:20:38

DelTomix
Administrator
Registered: 2023-08-30
Posts: 5  

Re: Forum Login Security

Hi Nietz!

Do any other users have concerns about logging in through an insecure portal?

Users running browsers normally will be always redirected to the https, and modern browsers of all flavours will prevent insecure post requests or cookie responses from secure pages to insecure ones. I've not seen or been able to reproduce insecure login from a regular browser with standard configuration.

should our forum login page be over a secure connection?

Certainly it should, and it does.  - That said however - there are some improvements that can be made that I've already been working on. i.e. 80 needs a hard 301 -> 443.

- DelTomix

Offline

Board footer