SUBSIM Radio Room Forums


SUBSIM: The Web's #1 BBS for all submarine and naval simulations since 1997

Go Back   SUBSIM Radio Room Forums > General > Comments to SUBSIM Review
Forget password? Reset here

Reply
 
Thread Tools Display Modes
Old 01-07-2019, 03:04 PM   #1
CDR DPH
A-ganger
 
Join Date: Jun 2018
Posts: 78
Downloads: 18
Uploads: 0


Default SubSim.com and SSL

Are there any plans to implement https (or get it working again)?

Not a lot of personal info at risk here but we are submitting passwords at login. A serious website that doesn't offer https connections is a rarity these days.

Rgds.
CDR DPH is offline   Reply With Quote
Old 01-12-2019, 05:12 AM   #2
Eichhörnchen
Starte Das Auto
 
Eichhörnchen's Avatar
 
Join Date: Aug 2014
Location: Classified
Posts: 11,437
Downloads: 5
Uploads: 0


Default

I think I only worry about a site not having a SSL cert if I'm buying from them online; I don't know whether a repeat subscription to Subsim counts as such...
__________________
<img src=http://www.subsim.com/radioroom/image.php?type=sigpic&userid=329818&dateline=1428780552 border=0 alt= />
Eichhörnchen is offline   Reply With Quote
Old 01-18-2019, 05:50 PM   #3
CDR DPH
A-ganger
 
Join Date: Jun 2018
Posts: 78
Downloads: 18
Uploads: 0


Default

I don't see no SSL as a deal breaker here on SubSim even if my ISP or "the 5 Eyes" can intercept my posts. However, for those that use similar logons on other sites (I know, they have been told umpteen times not to do this), someone being able to snag logon credentials being sent in the clear could contribute to a compromised account somewhere else.
CDR DPH is offline   Reply With Quote
Old 01-19-2019, 06:58 AM   #4
Eichhörnchen
Starte Das Auto
 
Eichhörnchen's Avatar
 
Join Date: Aug 2014
Location: Classified
Posts: 11,437
Downloads: 5
Uploads: 0


Default

I don't understand all of this anyway, so the only way I feel more relaxed about things is not to do any business online which requires me to divulge my main credi/debit card numbers; we keep a separate bank account for buying stuff on ebay which never has much money in it... only £30 or so at the most.

I don't keep any money in my business or personal Paypal accounts either

But if people want to steal my identity well I think they'll probably have plenty of other ways to do that... and in the UK our banks are obliged to refund any funds fraudulently removed from your account just so long as you haven't been reckless over security
__________________
<img src=http://www.subsim.com/radioroom/image.php?type=sigpic&userid=329818&dateline=1428780552 border=0 alt= />
Eichhörnchen is offline   Reply With Quote
Old 01-22-2019, 06:12 PM   #5
Onkel Neal
Born to Run Silent
 
Onkel Neal's Avatar
 
Join Date: Jan 1997
Location: Cougar Trap, Texas
Posts: 17,407
Downloads: 389
Uploads: 196


Default

I've been meaning to switch, but it will require a sizable time commitment, so hopefully I can schedule some vacation time off from work.
__________________
.
When Mike Tyson was asked by a reporter whether he was worried about Evander Holyfield and his fight plan he answered; “Everyone has a plan until they get punched in the mouth.”
Onkel Neal is offline   Reply With Quote
Old 02-11-2019, 02:03 PM   #6
Catonga
Swabbie
 
Join Date: Nov 2002
Posts: 5
Downloads: 2
Uploads: 0
Default

Quote:
Originally Posted by CDR DPH View Post
Are there any plans to implement https (or get it working again)?

Not a lot of personal info at risk here but we are submitting passwords at login. A serious website that doesn't offer https connections is a rarity these days.

Rgds.
I agree.
With "Let's encrypt" certificates there is really no excuse today to not use SSL encryption.
You can get a "let's encrypt certifcate" for free:
https://letsencrypt.org/
https://en.wikipedia.org/wiki/Let%27s_Encrypt


Also, if i enter https:// in front of the forum url, i get a certifacte error because the used certificate is only for the domains server.subsim.com and www.server.subsim.com, but not www.subsim.com.

You can try it on your own, this is the link:
https://www.subsim.com/radioroom/index.php

And this is the error message:
SSL_ERROR_BAD_CERT_DOMAIN

Without ssl, passwords can be read in cleartext and thus accounts can be stolen.
If an intruder does have the accounts, he also does have the email address related to the account and then the email address will be used for spam.


This should really be changed and because the server is also communicating with people from the EU it is also a must, according to the "General Data Protection Regulation" which is a law, where violating against it can get very expensive. Even if the server is not in the EU.

Read here for more information:
https://en.wikipedia.org/wiki/Genera...ion_Regulation

Last edited by Catonga; 02-11-2019 at 02:31 PM.
Catonga is offline   Reply With Quote
Reply

Tags
https , ssl , subsim connection

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 10:49 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Copyright © 1995- 2019 Subsim