Authentication on this Website
Authentication on this Website
These forums still use unsecured, vanilla HTTP as opposed to encrypted HTTPS. This is bad for security reasons, but also because browsers are making it increasingly difficult to authenticate without encryption. See, e.g., the attached screenshot from Firefox.
I think all that needs to be done is for the site to acquire an SSL certificate (from a certificate authority like Google), and use it. I understand the forums use a point-and-click template called phpBB, and it looks like there instructions on moving phpBB sites to HTTPS.
I think all that needs to be done is for the site to acquire an SSL certificate (from a certificate authority like Google), and use it. I understand the forums use a point-and-click template called phpBB, and it looks like there instructions on moving phpBB sites to HTTPS.
- Attachments
-
- Screen Shot 2019-04-09 at 12.27.42 PM.png
- (47.11 KiB) Not downloaded yet
Arnav Sood
"We're not going to pay you to come to our tournaments" --- Paul Kasiński
NYU, 2014-2018
University of British Columbia, 2018-2020
Carnegie Mellon, 2021-
"We're not going to pay you to come to our tournaments" --- Paul Kasiński
NYU, 2014-2018
University of British Columbia, 2018-2020
Carnegie Mellon, 2021-
-
- Rikku
- Posts: 376
- Joined: Mon Dec 19, 2016 10:02 pm
- Location: New Haven, CT
- Contact:
Re: Authentication on this Website
I agree with Arnav's post, but Let's Encrypt is probably sufficient. I doubt there's any need to use a paid CA.
Matt
Re: Authentication on this Website
I've been asking for this since August 2017 and have been told (several times, last in September 2018) that it's on the radar. All the relevant people are volunteers, so I don't feel comfortable pinging too often.
Jonah Greenthal
National Academic Quiz Tournaments
National Academic Quiz Tournaments
Re: Authentication on this Website
Is there a way that we could volunteer to make it happen? All that the admins would need to do is delegate access to somebody for (say) a day or two. Or, we could write a small step-by-step instruction set that we could execute.
Alternately, we could chip in to fund time for one of the maintainers to make this happen. But I think it would be really useful, since people are probably reusing passwords here that they use for other (more important) services.
Alternately, we could chip in to fund time for one of the maintainers to make this happen. But I think it would be really useful, since people are probably reusing passwords here that they use for other (more important) services.
Arnav Sood
"We're not going to pay you to come to our tournaments" --- Paul Kasiński
NYU, 2014-2018
University of British Columbia, 2018-2020
Carnegie Mellon, 2021-
"We're not going to pay you to come to our tournaments" --- Paul Kasiński
NYU, 2014-2018
University of British Columbia, 2018-2020
Carnegie Mellon, 2021-
- Mike Bentley
- Sin
- Posts: 6465
- Joined: Fri Mar 31, 2006 11:03 pm
- Location: Bellevue, WA
- Contact:
Re: Authentication on this Website
Probably. Send an e-mail to Dan Goff ([email protected]) and see if you can work out the details.ArnavS wrote: ↑Wed Apr 10, 2019 2:16 pm Is there a way that we could volunteer to make it happen? All that the admins would need to do is delegate access to somebody for (say) a day or two. Or, we could write a small step-by-step instruction set that we could execute.
Alternately, we could chip in to fund time for one of the maintainers to make this happen. But I think it would be really useful, since people are probably reusing passwords here that they use for other (more important) services.
Mike Bentley
Treasurer, Partnership for Academic Competition Excellence
Adviser, Quizbowl Team at University of Washington
University of Maryland, Class of 2008
Treasurer, Partnership for Academic Competition Excellence
Adviser, Quizbowl Team at University of Washington
University of Maryland, Class of 2008
Re: Authentication on this Website
He's done some work on this the LetsEncrypt front (good call @Matt, I didn't know there were free CAs like this) and will be taking another look this weekend. They will also be reviewing the archives to make sure nothing is impacted.
Arnav Sood
"We're not going to pay you to come to our tournaments" --- Paul Kasiński
NYU, 2014-2018
University of British Columbia, 2018-2020
Carnegie Mellon, 2021-
"We're not going to pay you to come to our tournaments" --- Paul Kasiński
NYU, 2014-2018
University of British Columbia, 2018-2020
Carnegie Mellon, 2021-
- Stained Diviner
- Auron
- Posts: 5088
- Joined: Sun Jun 13, 2004 6:08 am
- Location: Chicagoland
- Contact:
Re: Authentication on this Website
Any update on this?
How often should we ask why nothing is being done about this? Should we ask again in three months, or would it be more appropriate to wait a year?
How often should we ask why nothing is being done about this? Should we ask again in three months, or would it be more appropriate to wait a year?
- The Goffman Prophecies
- Quizbowl Detective Extraordinaire
- Posts: 1611
- Joined: Wed Mar 03, 2004 10:25 pm
- Location: Wichita, KS
Re: Authentication on this Website
Surprise!
HTTPS is enabled on the entire site. For the moment, forced redirection is only happening when you access the forums. There's some issues with the CSS on the other pages (the tournament database and packet repository) that need to be resolved before this redirection happens sitewide.
HTTPS is enabled on the entire site. For the moment, forced redirection is only happening when you access the forums. There's some issues with the CSS on the other pages (the tournament database and packet repository) that need to be resolved before this redirection happens sitewide.
Dan Goff
HSQB sysadmin
Virginia Tech '13
South Carolina '15
and a couple other places
Not Thomas Dale HS
STAAATS
HSQB sysadmin
Virginia Tech '13
South Carolina '15
and a couple other places
Not Thomas Dale HS
STAAATS
- Stained Diviner
- Auron
- Posts: 5088
- Joined: Sun Jun 13, 2004 6:08 am
- Location: Chicagoland
- Contact:
Re: Authentication on this Website
Thank you!
Re: Authentication on this Website
I think I have these fixed now, but let us know if you run into any problems while accessing the database or quizbowlpackets.com over https. One thing I'm aware of is I'm seeing https://hsquizbowl.org still redirecting to unsecure hsquizbowl.org/db, and it seems that is on Dan's side and not something I can fix myself.I'm a goff (in case you couldn't tell) wrote: ↑Sun Jul 21, 2019 10:10 pmThere's some issues with the CSS on the other pages (the tournament database and packet repository) that need to be resolved before this redirection happens sitewide.
Jeffrey Hill • Missouri Quizbowl Alliance president • UMR/Missouri S&T 2009 • Liberty (MO) 2005
Post your tournaments, SQBS reports, and question sets to the Quizbowl Resource Center Database!
Post your tournaments, SQBS reports, and question sets to the Quizbowl Resource Center Database!
- The Goffman Prophecies
- Quizbowl Detective Extraordinaire
- Posts: 1611
- Joined: Wed Mar 03, 2004 10:25 pm
- Location: Wichita, KS
Re: Authentication on this Website
Yup, it was a quick configuration change I had to make. It's fixed now.ScoBo wrote: ↑Mon Jul 22, 2019 10:23 pmI think I have these fixed now, but let us know if you run into any problems while accessing the database or quizbowlpackets.com over https. One thing I'm aware of is I'm seeing https://hsquizbowl.org still redirecting to unsecure hsquizbowl.org/db, and it seems that is on Dan's side and not something I can fix myself.I'm a goff (in case you couldn't tell) wrote: ↑Sun Jul 21, 2019 10:10 pmThere's some issues with the CSS on the other pages (the tournament database and packet repository) that need to be resolved before this redirection happens sitewide.
Dan Goff
HSQB sysadmin
Virginia Tech '13
South Carolina '15
and a couple other places
Not Thomas Dale HS
STAAATS
HSQB sysadmin
Virginia Tech '13
South Carolina '15
and a couple other places
Not Thomas Dale HS
STAAATS