Should forum.defcon.org be SSL only?

Re: Should forum.defcon.org be SSL only?

Wave of /.edness comes over me.

First Vote!

Re: Should forum.defcon.org be SSL only?

Actually, I think that the kludge I created ensures that links to any post or server with defcon.org remains https even if the poster posts it as http, when the web browser visiting the site is visiting with https.
In a similar way, when a user is visiting with http, all defcon.org links to any defcon.org servers appear as http even if they were https.

This helps to make sure people desiring https get https to defcon.org links, and people that can't do https, only get http links from the forums to defcon.org domains.

This is the function that will be lost.

Now pics.defcon.org is another story. Without this kludge, that software will only generate links to http: no matter how you log in. Eventually, any https session will become an http session without this kludge. If we change to only offer https, then the new default for it can become https: instead of http:

HTH,
-Cot

Stop it! Don't let that spread here! My eyes! My eyes! My brain! Wait. My brain no longer hurts, and I have a strange desire to go out and buy lottery tickets, and watch lots of TV. Why did I want to go to the library anyway? ;-)

See... this is what happens. First you add blog software, and the next thing you know, we turn into myspace. :-P~~

No soup for you!

Re: Should forum.defcon.org be SSL only?

Actually I would prefer we turn into Utherverse as posting porn is against the Myspace TOS.

That said I vote yes on HTTPS.

Re: Should forum.defcon.org be SSL only?

OK, looks like it is leaning SSL only...

Re: Should forum.defcon.org be SSL only?

Visiting our site is encrypted, login is encrypted, but after that some browsers show our site not fully encrypted after login, but then I'm not buying anything here. Mods want to know more ask me privately.

Re: Should forum.defcon.org be SSL only?

Get your vote in.. only a week remains!

Re: Should forum.defcon.org be SSL only?

HTTPS= Your right to your privacy and your freedom at this time only until squash. When that is broken your dongle will be blowin' in the breeze (plz. no PP&M references).

Re: Should forum.defcon.org be SSL only?

Looks like SSL wins.. now to get ready to make some changes. I think the cookies that are getting set by the forums are not setting the "secure" bit.

Re: Should forum.defcon.org be SSL only?

Ok. I will look to move over to exclusively support https for pics and forum. This will probably happen after 4:00pm pacific time today, or late on the 25th.

Re: Should forum.defcon.org be SSL only?

Do overseas visitors have access to 128 bit encryption now? I recall at one time all they could get was 56 bit.

Re: Should forum.defcon.org be SSL only?

extremely minor point - there's a typo on the http warning page:
"(We will ask your browser to forward you to that same link in 30 seconds, but you can select that link now to skip the 30 secon wait.)"

the 'd' got dropped from second. (I 'spose that's what I get for dropping the 's' from https)

Re: Should forum.defcon.org be SSL only?

Thanks for the report!

Updated in forums and pics. It may take a while for cached data to stopped being cached with this content, but a forced refresh should fix that.

Re: Should forum.defcon.org be SSL only?

Speaking of which I just fixed an http 'connection' header problem on pics and implemented some filtering on www. Please let us know if anything is acting wrong.