Two Plus Two Publishing LLC Two Plus Two Publishing LLC
 

Go Back   Two Plus Two Poker Forums > >

Notices

About the Forums Here's where you post suggestions about the forums and the software that implements them.

Reply
 
Thread Tools Display Modes
Old 05-13-2012, 12:51 PM   #26
MrWooster
veteran
 
MrWooster's Avatar
 
Join Date: Mar 2007
Location: Shoving AK
Posts: 2,984
Re: hey I have a suggestion. Option to connect and log in securely with https

Everyone who says https is too resource intensive, thats not quite true. Yes, https is more resource intensive than http, and yes, 5 years ago, it was a huge overhead, but now days, https adds a minimum overhead.

There is no reason for https not to be turned on, and not implementing it is a HUGE security floor imo.
MrWooster is offline   Reply With Quote
Old 05-13-2012, 03:19 PM   #27
bav
Carpal \'Tunnel
 
bav's Avatar
 
Join Date: Nov 2005
Location: Vegas
Posts: 8,125
Re: hey I have a suggestion. Option to connect and log in securely with https

Quote:
Originally Posted by MrWooster View Post
Everyone who says https is too resource intensive, thats not quite true. Yes, https is more resource intensive than http, and yes, 5 years ago, it was a huge overhead, but now days, https adds a minimum overhead.

There is no reason for https not to be turned on, and not implementing it is a HUGE security floor imo.
We already know they've been struggling with inadequate capacity (I think I read that somewhere). Dunno where the bottleneck is, however. If they're struggling with the front-end side of it facing the browsers, adding HTTPS may make the situation worse. On the other hand, if they're having backend DB issues, say, they may have gobs of capacity and won't notice the SSL overhead.

But if they hired a super-high-end security firm to come in and make sure everything was safe and secure, you'd kinda think "ENABLE HTTPS!!!" woulda been pretty high on said company's list of recommendations.
bav is offline   Reply With Quote
Old 05-13-2012, 11:04 PM   #28
Neil S
King of the sidebar
 
Neil S's Avatar
 
Join Date: Sep 2004
Location: Northern Virginia
Posts: 17,754
Re: hey I have a suggestion. Option to connect and log in securely with https

Cookie sniffing is a big deal. It's not enough just to do https logins, not at all.
Neil S is offline   Reply With Quote
Old 05-13-2012, 11:46 PM   #29
pvn
King Emeritus
 
pvn's Avatar
 
Join Date: Jan 2004
Location: De-Green BruceZ for Great Justice
Posts: 65,704
Re: hey I have a suggestion. Option to connect and log in securely with https

Quote:
Originally Posted by Neil S View Post
Cookie sniffing is a big deal. It's not enough just to do https logins, not at all.
Cookie sniffing is a big deal but it's a different problem than the problem of stealing passwords.

Implementing full https would be great but doing it just for logins would be better than what we have now and would be a very small increase in resource consumption.
pvn is offline   Reply With Quote
Old 05-13-2012, 11:56 PM   #30
Neil S
King of the sidebar
 
Neil S's Avatar
 
Join Date: Sep 2004
Location: Northern Virginia
Posts: 17,754
Re: hey I have a suggestion. Option to connect and log in securely with https

Quote:
Originally Posted by pvn View Post
Cookie sniffing is a big deal but it's a different problem than the problem of stealing passwords.

Implementing full https would be great but doing it just for logins would be better than what we have now and would be a very small increase in resource consumption.
Is the goal to stop password sniffing or to prevent account hijacks?
Neil S is offline   Reply With Quote
Old 05-15-2012, 03:30 PM   #31
Count Chocula
banned
 
Count Chocula's Avatar
 
Join Date: Dec 2007
Location: 61.5░ orbital
Posts: 19,345
Re: hey I have a suggestion. Option to connect and log in securely with https

cookie sniffing sounds like a weird fetish.
Count Chocula is offline   Reply With Quote
Old 05-15-2012, 08:45 PM   #32
Gin 'n Tonic
Pooh-Bah
 
Gin 'n Tonic's Avatar
 
Join Date: Mar 2005
Location: Reclining my seat
Posts: 5,788
Re: hey I have a suggestion. Option to connect and log in securely with https

Quote:
Originally Posted by Count Chocula View Post
Wookie sniffing sounds like a weird fetish.
Fixed.
Gin 'n Tonic is online now   Reply With Quote
Old 05-15-2012, 09:48 PM   #33
pvn
King Emeritus
 
pvn's Avatar
 
Join Date: Jan 2004
Location: De-Green BruceZ for Great Justice
Posts: 65,704
Quote:
Originally Posted by Gin 'n Tonic View Post
Fixed.
wat

Nothing weird about that IMO.
pvn is offline   Reply With Quote
Old 05-15-2012, 10:25 PM   #34
Neil S
King of the sidebar
 
Neil S's Avatar
 
Join Date: Sep 2004
Location: Northern Virginia
Posts: 17,754
Re: hey I have a suggestion. Option to connect and log in securely with https

I bent my wookiee.
Neil S is offline   Reply With Quote
Old 05-17-2012, 01:06 PM   #35
Gullanian
Carpal \'Tunnel
 
Gullanian's Avatar
 
Join Date: Dec 2006
Location: London
Posts: 14,008
Re: hey I have a suggestion. Option to connect and log in securely with https

Quote:
Originally Posted by pvn View Post
Cookie sniffing is a big deal but it's a different problem than the problem of stealing passwords.

Implementing full https would be great but doing it just for logins would be better than what we have now and would be a very small increase in resource consumption.
Basically impossible/extremely difficult to blanket install https on a website like this that links to so much external content as it will throw up tons of security messages when someone posts an image on a different domain etc.

Doing it on the login/registration pages is a good idea and easy to do though.
Gullanian is offline   Reply With Quote
Old 05-17-2012, 07:26 PM   #36
Neil S
King of the sidebar
 
Neil S's Avatar
 
Join Date: Sep 2004
Location: Northern Virginia
Posts: 17,754
Re: hey I have a suggestion. Option to connect and log in securely with https

Quote:
Originally Posted by Gullanian View Post
Basically impossible/extremely difficult to blanket install https on a website like this that links to so much external content as it will throw up tons of security messages when someone posts an image on a different domain etc.

Doing it on the login/registration pages is a good idea and easy to do though.
Ehh, it's security theater.
Neil S is offline   Reply With Quote
Old 10-22-2015, 08:16 PM   #37
WowImsobad
journeyman
 
Join Date: Jun 2009
Posts: 324
Does this site really not use https, and uses plaintext passwords?

You cannot be serious. How old is this vbulletin software as well? Someone could probably just google a vbulletin exploit and there's a good chance it will work.

Unreal, lol.
WowImsobad is offline   Reply With Quote
Old 10-22-2015, 08:40 PM   #38
Randomly Banned.
journeyman
 
Randomly Banned.'s Avatar
 
Join Date: Aug 2013
Posts: 284
Re: Does this site really not use https, and uses plaintext passwords?

You tell 'em.
Randomly Banned. is offline   Reply With Quote
Old 10-22-2015, 09:49 PM   #39
zikzak
Carpal \'Tunnel
 
zikzak's Avatar
 
Join Date: Jul 2009
Posts: 18,558
Re: Does this site really not use https, and uses plaintext passwords?

I have been assured that this is nothing to worry about. Also that the sever load for encryption requires more hamsters than 2+2 can afford.

Last edited by zikzak; 10-22-2015 at 09:49 PM. Reason: it's not like the site has ever been hacked or anything
zikzak is offline   Reply With Quote
Old 10-27-2015, 03:10 AM   #40
FranFran
 
FranFran's Avatar
 
Join Date: Jun 2014
Location: hahaha
Posts: 14,530
Re: Does this site really not use https, and uses plaintext passwords?

I can explain it, it's not actually a porn
FranFran is offline   Reply With Quote
Old 10-27-2015, 04:37 AM   #41
Mr.mmmKay
Drugs are bad...
 
Mr.mmmKay's Avatar
 
Join Date: May 2011
Posts: 12,840
Re: Does this site really not use https, and uses plaintext passwords?

I heard the pas words have been encrypted using a banana and 2 large Chinese vases
Mr.mmmKay is offline   Reply With Quote
Old 11-03-2015, 05:15 AM   #42
herbertstemple
veteran
 
herbertstemple's Avatar
 
Join Date: May 2009
Location: Spike Forever!!!
Posts: 3,106
Re: Does this site really not use https, and uses plaintext passwords?

April, 2012.
herbertstemple is offline   Reply With Quote
Old 11-03-2015, 06:29 AM   #43
Minirra
old hand
 
Minirra's Avatar
 
Join Date: Mar 2015
Posts: 1,242
Re: Does this site really not use https, and uses plaintext passwords?

Here's your money back
Minirra is offline   Reply With Quote
Old 11-04-2015, 02:10 PM   #44
Roonil Wazlib
veteran
 
Roonil Wazlib's Avatar
 
Join Date: Feb 2014
Location: ᕕ( ᐛ )ᕗ
Posts: 3,333
Re: Does this site really not use https, and uses plaintext passwords?

why does OP think they use plaintext?

wireshark seems to think my password is 3abaf9cb25496efb9f918ba63135249c, which I assure you it isn't.
Roonil Wazlib is offline   Reply With Quote
Old 11-04-2015, 02:43 PM   #45
Wiki
Pooh-Bah
 
Wiki's Avatar
 
Join Date: Mar 2008
Location: [2,5]
Posts: 5,811
Re: Does this site really not use https, and uses plaintext passwords?

Quote:
Originally Posted by Roonil Wazlib View Post
wireshark seems to think my password is 3abaf9cb25496efb9f918ba63135249c, which I assure you it isn't.
Really?

Mine is.
Wiki is offline   Reply With Quote
Old 11-04-2015, 02:57 PM   #46
Roonil Wazlib
veteran
 
Roonil Wazlib's Avatar
 
Join Date: Feb 2014
Location: ᕕ( ᐛ )ᕗ
Posts: 3,333
Re: Does this site really not use https, and uses plaintext passwords?

What a crazy coincidence!
Roonil Wazlib is offline   Reply With Quote
Old 11-04-2015, 07:08 PM   #47
zikzak
Carpal \'Tunnel
 
zikzak's Avatar
 
Join Date: Jul 2009
Posts: 18,558
Re: Does this site really not use https, and uses plaintext passwords?

Quote:
Originally Posted by Roonil Wazlib View Post
why does OP think they use plaintext?

wireshark seems to think my password is 3abaf9cb25496efb9f918ba63135249c, which I assure you it isn't.
Obviously your password is :║¨╦%InűŸ‘‹Ž15$œ
zikzak is offline   Reply With Quote
Old 11-04-2015, 09:28 PM   #48
Roonil Wazlib
veteran
 
Roonil Wazlib's Avatar
 
Join Date: Feb 2014
Location: ᕕ( ᐛ )ᕗ
Posts: 3,333
Re: Does this site really not use https, and uses plaintext passwords?

Ssshhhhhhhh
Roonil Wazlib is offline   Reply With Quote
Old 11-05-2015, 01:09 AM   #49
Banned4lyfe
Sup-Bah? Pop-Bah Pooh-Bear Permanently Pooh-Bah Billy Walters Jr
 
Banned4lyfe's Avatar
 
Join Date: Feb 2013
Location: SoCal ✈
Posts: 12,649
Re: Does this site really not use https, and uses plaintext passwords?

Mine shows

7c6a180b36896a0a8c02787eeafb0e4c

hmmm
Banned4lyfe is offline   Reply With Quote
Old 11-09-2015, 04:15 AM   #50
gvspa
stranger
 
Join Date: Nov 2015
Posts: 1
Re: Does this site really not use https, and uses plaintext passwords?

****ingfd trolle
gvspa is offline   Reply With Quote

Reply
      

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Forum Jump


All times are GMT -4. The time now is 12:49 AM.


Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright ę 2008-2010, Two Plus Two Interactive
 
 
Poker Players - Streaming Live Online