Go Back   vb.org Archive > Community Central > vBulletin.org Site Feedback
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 04-16-2007, 11:43 AM
Patria Patria is offline
 
Join Date: Apr 2005
Posts: 61
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Suggestion: SSL Support

Hello vBulletin team,

it would be great if you could enable SSL Support on vbulletin.org.
Reply With Quote
  #2  
Old 04-16-2007, 11:48 AM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I think that's unlikely - for what reason would you want it ?
Reply With Quote
  #3  
Old 04-16-2007, 11:52 AM
Patria Patria is offline
 
Join Date: Apr 2005
Posts: 61
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Paul M View Post
I think that's unlikely - for what reason would you want it ?
For Security & Privacy reasons.
Reply With Quote
  #4  
Old 04-16-2007, 03:59 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Sorry but that's a pretty vague answer, what security and privacy reasons exactly ?
Reply With Quote
  #5  
Old 04-16-2007, 04:21 PM
Patria Patria is offline
 
Join Date: Apr 2005
Posts: 61
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Paul M View Post
Sorry but that's a pretty vague answer, what security and
privacy reasons exactly ?
If I change/enter my password it flows unencrypted over the internet, HTTPS would be useful there for example. The next point is that my nickname also flows unencrypted over the internet and that harms my privacy.
Reply With Quote
  #6  
Old 04-16-2007, 07:39 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

vbulletin does not send unencrypted passwords over the net, they are hashed using MD5.

As for your nickname - are you serious - what possible harm to your privacy does that cause (given that everyone who visits the site can clearly see it).

(I take it you don't use e-mail, given how highly insecure that actually is).
Reply With Quote
  #7  
Old 04-16-2007, 08:34 PM
Patria Patria is offline
 
Join Date: Apr 2005
Posts: 61
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Paul M View Post
vbulletin does not send unencrypted passwords over the net, they are hashed using MD5.
Ok.

But ... insecure in some kind. (you could capture the MD5 checksum and run it via brute force against a wordlist)

Quote:
As for your nickname - are you serious - what possible harm to your privacy does that cause (given that everyone who visits the site can clearly see it).
I fear our ISPs in combination with our goverments and the data retention laws not the vB.org visitors/members.
Quote:
(I take it you don't use e-mail, given how highly insecure that actually is).
I use TLS and PGP.

"Just because you're paranoid doesn't mean they aren't after you" - Kurt Cobain
Reply With Quote
  #8  
Old 04-16-2007, 08:45 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You might use TLS, SMTP servers don't use it to send your e-mail from server to server.

If you are that paranoid then maybe you shouldn't be on the internet.
Reply With Quote
  #9  
Old 04-17-2007, 12:33 AM
nexialys
Guest
 
Posts: n/a
Default

SSL support would be a good alternative to MD5 coding in most of the very-secure situations...

for the reason you list, you may have a good point... maybe it would be good for you to hire a professional coder with a good knowledge of security and SSL so he/she can recode the parts you may require to be recoded like the login and general authentication system... it's not quite complicated to rebuild, it's just changing a MD5 structure to a SSL one...
Reply With Quote
  #10  
Old 04-17-2007, 06:16 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

He's asking for this on vB.org, not his own site .
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:07 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06749 seconds
  • Memory Usage 2,251KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (9)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete