https for atari-forum.com

News, updates, like or dislike

Moderators: Mug UK, Silver Surfer, Moderator Team

vido
Atari Super Hero
Atari Super Hero
Posts: 674
Joined: Mon Jan 31, 2011 7:39 pm

Re: https for atari-forum.com

Postby vido » Fri Apr 19, 2019 10:45 am

mikro wrote:This is similar to the native vs. cross compiler development debate. Sure, some like the spirit of working on the actual machine but some prefer the speed and modern tools. It would be wrong if people from the first group would be forcing everyone to use PureC and Devpac just because they enjoy the feeling and let others suffer from much more inefficient tools, in the end leading to halt of their development/atari efforts because they couldn't bare using such ancient and obsolete tools/libraries/debugging abilities.

I disagree here Mikro. Nobody of the first group is forcing anyone not to use https. It is just oposite. The second group would like to force Atari users to use their Ataris less = make them less usable ;)

jury
Captain Atari
Captain Atari
Posts: 357
Joined: Tue Sep 21, 2004 11:11 am
Location: Poland

Re: https for atari-forum.com

Postby jury » Fri Apr 19, 2019 12:00 pm

Yes, exactly! ( and I'm saying it as the one who do not use native browsers and uses cross tools )

User avatar
1st1
Atari Super Hero
Atari Super Hero
Posts: 824
Joined: Mon May 07, 2012 11:48 am

Re: https for atari-forum.com

Postby 1st1 » Sat Apr 20, 2019 5:01 pm

Hello, it's about security. It's about privacy. It's about the password you use, maybe multiple times on other sites as well. It's about forum beeing hacked by grabbing clear text passwords from moderators and administrators via phishing or man-in-the-middle-attack.
Power without the Price. It's not a bug. It's a feature. _/|\_ATARI

1040STFM in PC-Tower (PAK68/2, OvrScn, 4 MB, 1GB SCSI, CD-ROM...) * 2x Falcon 030 32GB/14MB+ScrnBlstrIII * 2x TT030 73GB/20MB+Nova * 520/1040STFM * 520/1040STE * 260/520ST/+ * some Mega ST * 2x Mega STE 500MB/4MB+M.CoCo * Stacy * STBook * SLM605 * SLM804 * SLM605 * SMM804 * SH 204/205 * Megafile 30/44/60 * SF314 * SF354 * 5x Pofo * PC3

arf
Captain Atari
Captain Atari
Posts: 201
Joined: Thu May 17, 2012 9:56 pm
Location: Germany

Re: https for atari-forum.com

Postby arf » Sun Apr 21, 2019 7:02 am

I don’t get why this discussion is often about having HTTP _or_ HTTPS. Actually, you can have both. There’s no technical requirement to forward HTTP requests to HTTPs. A site can offer both protocols, and the user can decide which to use. It’s only that many sites do the redirect, to protect the user’s data.

But the site owner decides what’s implemented.

vido
Atari Super Hero
Atari Super Hero
Posts: 674
Joined: Mon Jan 31, 2011 7:39 pm

Re: https for atari-forum.com

Postby vido » Sun Apr 21, 2019 7:18 am

arf wrote:I don’t get why this discussion is often about having HTTP _or_ HTTPS. Actually, you can have both. There’s no technical requirement to forward HTTP requests to HTTPs. A site can offer both protocols, and the user can decide which to use. It’s only that many sites do the redirect, to protect the user’s data.

But the site owner decides what’s implemented.

Then it is easy to have all happy. Just to implement https and keep http. :)

User avatar
dma
Atari Super Hero
Atari Super Hero
Posts: 960
Joined: Wed Nov 20, 2002 11:22 pm
Location: France
Contact:

Re: https for atari-forum.com

Postby dma » Sun Apr 21, 2019 7:56 am

And then maybe HTTP to HTTPS redirection could be activated by a profile setting ? (off by default, to satisfy non compatible HTTP browser users)

SteveBagley
Captain Atari
Captain Atari
Posts: 174
Joined: Mon Jan 21, 2013 9:31 am

Re: https for atari-forum.com

Postby SteveBagley » Sun Apr 21, 2019 3:01 pm

dma wrote:And then maybe HTTP to HTTPS redirection could be activated by a profile setting ? (off by default, to satisfy non compatible HTTP browser users)


The HTTP User agent might be a better option to use -- by default redirect to https:// unless the User Agent matches a set of whitelisted Atari browsers?

Steve

User avatar
dma
Atari Super Hero
Atari Super Hero
Posts: 960
Joined: Wed Nov 20, 2002 11:22 pm
Location: France
Contact:

Re: https for atari-forum.com

Postby dma » Sun Apr 21, 2019 3:39 pm

SteveBagley wrote:The HTTP User agent might be a better option to use -- by default redirect to https:// unless the User Agent matches a set of whitelisted Atari browsers?

Ah yes indeed, also considering the same user could use both kind of browsers.
but then let's hope that Atari browsers doesn't mask themselves behind common user-agent strings to access certain websites blocking unknown clients.

User avatar
christos
Fuji Shaped Bastard
Fuji Shaped Bastard
Posts: 2434
Joined: Tue Apr 13, 2004 8:24 pm
Location: Greece
Contact:

Re: https for atari-forum.com

Postby christos » Mon Apr 22, 2019 5:14 pm

At first I thought well, I want to be able to access the forum when I am on the atari, trying to code something and I need a quick reference. But, indeed it's better to have ssl.
(How hard would adding ssl to highwire be?)
Felix qui potuit rerum cognoscere causas.
My Atari blog

STOT Email address: stot(NoSPAM)atari(DOT)org

User avatar
EmpireAndrew
Captain Atari
Captain Atari
Posts: 444
Joined: Fri Jul 15, 2016 5:46 pm
Location: Texas, USA

Re: https for atari-forum.com

Postby EmpireAndrew » Mon Apr 22, 2019 6:01 pm

Given the site uses an off the shelf forum package that uses css, javascript and cookies I can't imagine there are many ppl using this on their Atari? I certainly wish we could but I doubt it's practical for the work that would be involved...

If we switch to https now we should be using at least TLS 1.3 (no lower, and certainly not SSL) which means only browsers from the last few years will work at all (this is a trend on the net).

I do like the idea of leaving http available for someone to choose to use if they have an older machine instead of redirecting, but of course they could fall for a man in the middle attack and lose their password and if they've used it on other sites that could be a problem. But... if people do things like choose to use http when https is available, and use the same passwords on other sites I have little sympathy...
1977 VCS Heavy Sixxer (Boxed)
1990 Atari 1040STE, 4MB, UltraSatan, TOS 2.06, TT Touch -> Atari SC1435 Colour CRT Monitor
1991 Atari TT030, 2/64MB, Int 8GB Gigafile SCSI2CF, TOS 3.06, CaTTamaran Accelerator -> Atari TTM195 19" Mono CRT Monitor
1993 Atari Falcon030, 14MB, Int 8GB HDD, TOS 4.04 -> Atari PTC1426 Color CRT Monitor
Amiga, Mac, DOS, SGI, Sun, NeXTStation, PDA's and more!

joska
Hardware Guru
Hardware Guru
Posts: 4358
Joined: Tue Oct 30, 2007 2:55 pm
Location: Florø, Norway
Contact:

Re: https for atari-forum.com

Postby joska » Tue Apr 23, 2019 6:53 am

Something like a QWK/SOUP gateway for phpBB would be great... Then we could use this forum with native applications on our Ataris.
Jo Even

VanillaMiNT - Firebee - Falcon060 - Milan060 - Falcon040 - MIST - Mega ST - STM - STE - Amiga 600 - Sharp MZ700 - MSX - Amstrad CPC - C64

User avatar
wongck
Ultimate Atarian
Ultimate Atarian
Posts: 12680
Joined: Sat May 03, 2008 2:09 pm
Location: Far East
Contact:

Re: https for atari-forum.com

Postby wongck » Wed Apr 24, 2019 5:24 am

ah.... back to the good old BBS days...
My Stuff: FB/Falcon CT63 CTPCI ATI RTL8139 USB 512MB 30GB HDD CF HxC_SD/ TT030 68882 4+32MB 520MB Nova/ 520STFM 4MB Tos206 SCSI
Shared SCSI Bus:ScsiLink ethernet, 9GB HDD,SD-reader @ http://phsw.atari.org
My Atari stuff for sale - click here for list

Rustynutt
Atari Super Hero
Atari Super Hero
Posts: 641
Joined: Wed Mar 21, 2012 7:38 am
Location: Oregon
Contact:

Re: https for atari-forum.com

Postby Rustynutt » Thu Jul 18, 2019 12:02 pm

Transparent Gif's :)
That was so cool using CAB the first time.

Sorta topic. Been some years ago recall using "website translators". Forget the proper term, think they got you around the security stuff.

I'm feeling the need to cleanse myself, is there a good purpose public site designed to handle plain browser compatibly?


Social Media

     

Return to “Website Discussions”

Who is online

Users browsing this forum: No registered users and 2 guests