Two Plus Two Publishing LLC Two Plus Two Publishing LLC
 

Go Back   Two Plus Two Poker Forums > >

Notices

About the Forums Here's where you post suggestions about the forums and the software that implements them.

Reply
 
Thread Tools Display Modes
Old 11-09-2015, 05:40 AM   #51
Mr.mmmKay
Drugs are bad...
 
Mr.mmmKay's Avatar
 
Join Date: May 2011
Posts: 12,702
Re: Does this site really not use https, and uses plaintext passwords?

Mr.mmmKay is offline   Reply With Quote
Old 11-09-2015, 08:34 AM   #52
Roonil Wazlib
veteran
 
Roonil Wazlib's Avatar
 
Join Date: Feb 2014
Location: ᕕ( ᐛ )ᕗ
Posts: 3,333
Re: Does this site really not use https, and uses plaintext passwords?

Hey, words hurt...

Thankfully none of that was words
Roonil Wazlib is offline   Reply With Quote
Old 11-11-2015, 07:21 AM   #53
killer_kill
Carpal \'Tunnel
 
killer_kill's Avatar
 
Join Date: Oct 2007
Location: Go Banana
Posts: 23,225
Re: Does this site really not use https, and uses plaintext passwords?

Quote:
Originally Posted by herbertstemple View Post
April, 2012.
I cri evertime
killer_kill is offline   Reply With Quote
Old 11-11-2015, 06:34 PM   #54
Morphismus
Gimperator
 
Morphismus's Avatar
 
Join Date: Feb 2008
Location: in you heads
Posts: 13,635
Re: Does this site really not use https, and uses plaintext passwords?

this thread is going slow but steady
Morphismus is offline   Reply With Quote
Old 12-27-2016, 09:58 AM   #55
pvn
King Emeritus
 
pvn's Avatar
 
Join Date: Jan 2004
Location: De-Green BruceZ for Great Justice
Posts: 65,606
why isn't 2+2 HTTPS?

the whole website should be HTTPS encrypted. there's very little reason not to do this in 2016.
pvn is offline   Reply With Quote
Old 12-27-2016, 01:20 PM   #56
well named
Carpal \'Tunnel
 
well named's Avatar
 
Join Date: Jun 2007
Location: esse est coesse
Posts: 72,280
Re: why isn't 2+2 HTTPS?

I recall that some years ago they attempted to implement HTTPS and the server couldn't tolerate the extra load, so they disabled it. Or maybe it was just that they explained at some point in the past that this is the reason why they didn't use HTTPS. I think the question has come up before in reference to login and the way session handling works.

The load explanation may no longer be a factor with reduced traffic? I don't know.
well named is offline   Reply With Quote
Old 12-27-2016, 02:12 PM   #57
soah
Unexpected
 
soah's Avatar
 
Join Date: Jun 2004
Posts: 59,448
Re: why isn't 2+2 HTTPS?

The fact that it greatly increases the amount of data usage seems like a reason not to do it.
soah is offline   Reply With Quote
Old 12-27-2016, 02:21 PM   #58
Noodle Wazlib
just about tolerable
 
Noodle Wazlib's Avatar
 
Join Date: Nov 2015
Location: Drowning in robot chocolate
Posts: 9,791
Re: why isn't 2+2 HTTPS?

Are https packets really that much bigger than non-https?
Noodle Wazlib is offline   Reply With Quote
Old 12-27-2016, 02:26 PM   #59
well named
Carpal \'Tunnel
 
well named's Avatar
 
Join Date: Jun 2007
Location: esse est coesse
Posts: 72,280
Re: why isn't 2+2 HTTPS?

By load I meant computational load (encrypting and decrypting) and not really bandwidth. I'm not sure the magnitude of the difference for the latter, although it's not zero. I would think most of the extra data is in the SSL handshake
well named is offline   Reply With Quote
Old 12-27-2016, 04:36 PM   #60
Morphismus
Gimperator
 
Morphismus's Avatar
 
Join Date: Feb 2008
Location: in you heads
Posts: 13,635
Re: why isn't 2+2 HTTPS?

Quote:
Originally Posted by pvn View Post
the whole website should be HTTPS encrypted. there's very little reason not to do this in 2016.
What is this little reason?

Regarding the encription: I get it for the login (which should be save anyway, otherwise we had hacked accounts all the time), account info pages and PMs; but the rest is public anyway, no? Or is it that you don't want people to know what you read on 2+2?

Quote:
Originally Posted by well named View Post
By load I meant computational load (encrypting and decrypting) and not really bandwidth. I'm not sure the magnitude of the difference for the latter, although it's not zero. I would think most of the extra data is in the SSL handshake
All of the extra data should be in the handshake; the encoding itself is done in-place afaik.
Morphismus is offline   Reply With Quote
Old 12-27-2016, 05:07 PM   #61
nuclear500
Carpal \'Tunnel
 
nuclear500's Avatar
 
Join Date: Aug 2004
Location: Madison, WI
Posts: 9,531
Re: why isn't 2+2 HTTPS?

The size of the packet barely changes and besides think about it, the extra bytes on your multi-megabyte per second connection is peanuts.

As mentioned its the load on the CPU to handle the cryptography. This is also why many companies use SSL off-load, typically on the device that handles load balancing between multiple servers. The certificate can exist on either server or load balancer. In cases of large traffic sites then generally the SSL is off-loaded. You don't think Google puts an SSL certificate on every single server do they? LOL
nuclear500 is offline   Reply With Quote
Old 12-27-2016, 05:26 PM   #62
Noodle Wazlib
just about tolerable
 
Noodle Wazlib's Avatar
 
Join Date: Nov 2015
Location: Drowning in robot chocolate
Posts: 9,791
Re: why isn't 2+2 HTTPS?

Quote:
Originally Posted by Morphismus View Post
What is this little reason?

Regarding the encription: I get it for the login (which should be save anyway, otherwise we had hacked accounts all the time), account info pages and PMs; but the rest is public anyway, no?
i would think the concern would be maybe session hijacking or something

i would be very surprised to learn that this had happened to anyone on 2+2 more than a dozen times over the entirety of this site's existence, but i guess it's possible
Noodle Wazlib is offline   Reply With Quote
Old 12-27-2016, 05:32 PM   #63
soah
Unexpected
 
soah's Avatar
 
Join Date: Jun 2004
Posts: 59,448
Re: why isn't 2+2 HTTPS?

Quote:
Originally Posted by nuclear500 View Post
The size of the packet barely changes and besides think about it, the extra bytes on your multi-megabyte per second connection is peanuts.
The problem is when browsing on a poor connection. I've had some times where sites using SSL were so slow that it would time out before a page could finish loading. Meanwhile all other sites were slow but at least usable.

Also if you're using a mobile plan which charges you for bandwidth, then you'd prefer not to use up more of it than you need to.
soah is offline   Reply With Quote
Old 12-27-2016, 05:37 PM   #64
Noodle Wazlib
just about tolerable
 
Noodle Wazlib's Avatar
 
Join Date: Nov 2015
Location: Drowning in robot chocolate
Posts: 9,791
Re: Does this site really not use https, and uses plaintext passwords?

if the extra data from an ssl connection to a single website causes you overages, you either need a better data plan or to not waste your food money on cell phones
Noodle Wazlib is offline   Reply With Quote
Old 12-27-2016, 11:21 PM   #65
pvn
King Emeritus
 
pvn's Avatar
 
Join Date: Jan 2004
Location: De-Green BruceZ for Great Justice
Posts: 65,606
Re: why isn't 2+2 HTTPS?

Quote:
Originally Posted by Morphismus View Post
What is this little reason?



Regarding the encription: I get it for the login (which should be save anyway, otherwise we had hacked accounts all the time), account info pages and PMs; but the rest is public anyway, no? Or is it that you don't want people to know what you read on 2+2?


It's much more than that. https://developers.google.com/web/fu...nsit/why-https
pvn is offline   Reply With Quote
Old 12-28-2016, 10:48 AM   #66
ProfessorSlot
newbie
 
Join Date: Nov 2016
Posts: 26
Re: why isn't 2+2 HTTPS?

Quote:
Originally Posted by Noodle Wazlib View Post
Are https packets really that much bigger than non-https?
Yes it is much bigger Because of the added loads. Https has more security feature that it needs to load compare to the present http. Twoplustwo forum would become slow if they implement it unless certain modification on the site is made to adopt https.
ProfessorSlot is offline   Reply With Quote
Old 01-01-2017, 03:15 PM   #67
pvn
King Emeritus
 
pvn's Avatar
 
Join Date: Jan 2004
Location: De-Green BruceZ for Great Justice
Posts: 65,606
Re: Does this site really not use https, and uses plaintext passwords?

yes, it would require more computational power, so what? We're not talking about some insanely huge problem here. plenty of sites run 100% https nowadays.
pvn is offline   Reply With Quote
Old 01-01-2017, 05:08 PM   #68
Noodle Wazlib
just about tolerable
 
Noodle Wazlib's Avatar
 
Join Date: Nov 2015
Location: Drowning in robot chocolate
Posts: 9,791
Re: Does this site really not use https, and uses plaintext passwords?

Maybe mason will invest the tax break he gets from trump into more computing power for the site so he can secure his users!

Hahahaha, butnaaaaahhhhhh
Noodle Wazlib is offline   Reply With Quote
Old 01-08-2017, 06:33 PM   #69
Lurk
enthusiast
 
Join Date: Jul 2013
Posts: 70
Re: Does this site really not use https, and uses plaintext passwords?

I got prompted that my password was 1266 days old and therefore had to be changed when I just came to the site - has something gone wrong?
Lurk is offline   Reply With Quote
Old 01-08-2017, 06:40 PM   #70
The Imp
adept
 
The Imp's Avatar
 
Join Date: May 2015
Posts: 1,049
Re: Does this site really not use https, and uses plaintext passwords?

Quote:
Originally Posted by Lurk View Post
I got prompted that my password was 1266 days old and therefore had to be changed when I just came to the site - has something gone wrong?
Database got leaked.
The Imp is offline   Reply With Quote
Old 01-08-2017, 06:40 PM   #71
GusJohnsonGOAT
SESwamiGOAT
 
GusJohnsonGOAT's Avatar
 
Join Date: Mar 2011
Posts: 13,865
Re: Does this site really not use https, and uses plaintext passwords?

Sick foreshadowing even though this is the second hacking since the thread was made.
GusJohnsonGOAT is offline   Reply With Quote
Old 01-08-2017, 06:42 PM   #72
Lattimer
I are smart
 
Lattimer's Avatar
 
Join Date: Feb 2009
Location: New England
Posts: 11,347
Re: Does this site really not use https, and uses plaintext passwords?

Quote:
Originally Posted by Lurk View Post
I got prompted that my password was 1266 days old and therefore had to be changed when I just came to the site - has something gone wrong?
Yes. Read the other thread in ATF that was just made about this issue.
Lattimer is offline   Reply With Quote
Old 01-08-2017, 06:42 PM   #73
Hellmuth was right
grinder
 
Join Date: Aug 2016
Posts: 669
Re: Does this site really not use https, and uses plaintext passwords?

Quote:
Originally Posted by The Imp View Post
Database got leaked.
how does something like that happen?
Hellmuth was right is offline   Reply With Quote
Old 01-08-2017, 06:53 PM   #74
The Imp
adept
 
The Imp's Avatar
 
Join Date: May 2015
Posts: 1,049
Re: Does this site really not use https, and uses plaintext passwords?

Quote:
Originally Posted by Hellmuth was right View Post
how does something like that happen?
Someone steals a backup. Doesn't necessarily mean the site has done anything wrong. It's happened before on 2+2 though...
The Imp is offline   Reply With Quote
Old 01-08-2017, 06:57 PM   #75
housenuts
Carpal \'Tunnel
 
housenuts's Avatar
 
Join Date: Jul 2004
Location: Come With Me If You Want To Lift
Posts: 30,973
Re: Does this site really not use https, and uses plaintext passwords?

Quote:
Originally Posted by The Imp View Post
Someone steals a backup. Doesn't necessarily mean the site has done anything wrong. It's happened before on 2+2 though...
And most other forums
housenuts is offline   Reply With Quote

Reply
      

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Forum Jump


All times are GMT -4. The time now is 11:58 PM.


Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Search Engine Optimisation provided by DragonByte SEO v2.0.33 (Pro) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
Copyright ę 2008-2010, Two Plus Two Interactive
 
 
Poker Players - Streaming Live Online