Page 2 of 2

Re: https for atari-forum.com

Posted: Fri Apr 19, 2019 10:45 am
by vido
mikro wrote:This is similar to the native vs. cross compiler development debate. Sure, some like the spirit of working on the actual machine but some prefer the speed and modern tools. It would be wrong if people from the first group would be forcing everyone to use PureC and Devpac just because they enjoy the feeling and let others suffer from much more inefficient tools, in the end leading to halt of their development/atari efforts because they couldn't bare using such ancient and obsolete tools/libraries/debugging abilities.

I disagree here Mikro. Nobody of the first group is forcing anyone not to use https. It is just oposite. The second group would like to force Atari users to use their Ataris less = make them less usable ;)

Re: https for atari-forum.com

Posted: Fri Apr 19, 2019 12:00 pm
by jury
Yes, exactly! ( and I'm saying it as the one who do not use native browsers and uses cross tools )

Re: https for atari-forum.com

Posted: Sat Apr 20, 2019 5:01 pm
by 1st1
Hello, it's about security. It's about privacy. It's about the password you use, maybe multiple times on other sites as well. It's about forum beeing hacked by grabbing clear text passwords from moderators and administrators via phishing or man-in-the-middle-attack.

Re: https for atari-forum.com

Posted: Sun Apr 21, 2019 7:02 am
by arf
I don’t get why this discussion is often about having HTTP _or_ HTTPS. Actually, you can have both. There’s no technical requirement to forward HTTP requests to HTTPs. A site can offer both protocols, and the user can decide which to use. It’s only that many sites do the redirect, to protect the user’s data.

But the site owner decides what’s implemented.

Re: https for atari-forum.com

Posted: Sun Apr 21, 2019 7:18 am
by vido
arf wrote:I don’t get why this discussion is often about having HTTP _or_ HTTPS. Actually, you can have both. There’s no technical requirement to forward HTTP requests to HTTPs. A site can offer both protocols, and the user can decide which to use. It’s only that many sites do the redirect, to protect the user’s data.

But the site owner decides what’s implemented.

Then it is easy to have all happy. Just to implement https and keep http. :)

Re: https for atari-forum.com

Posted: Sun Apr 21, 2019 7:56 am
by dma
And then maybe HTTP to HTTPS redirection could be activated by a profile setting ? (off by default, to satisfy non compatible HTTP browser users)

Re: https for atari-forum.com

Posted: Sun Apr 21, 2019 3:01 pm
by SteveBagley
dma wrote:And then maybe HTTP to HTTPS redirection could be activated by a profile setting ? (off by default, to satisfy non compatible HTTP browser users)


The HTTP User agent might be a better option to use -- by default redirect to https:// unless the User Agent matches a set of whitelisted Atari browsers?

Steve

Re: https for atari-forum.com

Posted: Sun Apr 21, 2019 3:39 pm
by dma
SteveBagley wrote:The HTTP User agent might be a better option to use -- by default redirect to https:// unless the User Agent matches a set of whitelisted Atari browsers?

Ah yes indeed, also considering the same user could use both kind of browsers.
but then let's hope that Atari browsers doesn't mask themselves behind common user-agent strings to access certain websites blocking unknown clients.

Re: https for atari-forum.com

Posted: Mon Apr 22, 2019 5:14 pm
by christos
At first I thought well, I want to be able to access the forum when I am on the atari, trying to code something and I need a quick reference. But, indeed it's better to have ssl.
(How hard would adding ssl to highwire be?)

Re: https for atari-forum.com

Posted: Mon Apr 22, 2019 6:01 pm
by EmpireAndrew
Given the site uses an off the shelf forum package that uses css, javascript and cookies I can't imagine there are many ppl using this on their Atari? I certainly wish we could but I doubt it's practical for the work that would be involved...

If we switch to https now we should be using at least TLS 1.3 (no lower, and certainly not SSL) which means only browsers from the last few years will work at all (this is a trend on the net).

I do like the idea of leaving http available for someone to choose to use if they have an older machine instead of redirecting, but of course they could fall for a man in the middle attack and lose their password and if they've used it on other sites that could be a problem. But... if people do things like choose to use http when https is available, and use the same passwords on other sites I have little sympathy...

Re: https for atari-forum.com

Posted: Tue Apr 23, 2019 6:53 am
by joska
Something like a QWK/SOUP gateway for phpBB would be great... Then we could use this forum with native applications on our Ataris.

Re: https for atari-forum.com

Posted: Wed Apr 24, 2019 5:24 am
by wongck
ah.... back to the good old BBS days...

Re: https for atari-forum.com

Posted: Thu Jul 18, 2019 12:02 pm
by Rustynutt
Transparent Gif's :)
That was so cool using CAB the first time.

Sorta topic. Been some years ago recall using "website translators". Forget the proper term, think they got you around the security stuff.

I'm feeling the need to cleanse myself, is there a good purpose public site designed to handle plain browser compatibly?