DRUMMERWORLD OFFICIAL DISCUSSION FORUM   

DrummerWorld Site News: What's New at DrummerWorld

#1
11-21-2017, 08:06 AM
KamaK
Platinum Member
Join Date: Apr 2014
Location: East Coast
Posts: 5,605
Drummerworld and SSL -- It's time

Bernhard,

I'd gladly chip in the $7.50 for the first year and 30 mins to show you how to set up SSL/HTTPS. I feel like a chump every time I type something here (including my password) because anyone with wire access can see it. Heck, I'd chip in $20 for a 3-year cert.

I get that there are drawbacks (the yearly expense, performance overhead, requirement of technical expertise to add a rewrite rule so old links work, periodic renewals, registration). But a number of us check in from hotel wifi, bar wifi, and other public places and would greatly appreciate the increase in privacy.

Note: Looks like COMODO resellers are ~9/yr these days.

#2
11-21-2017, 07:43 PM
Dr_Watso
Platinum Member
Join Date: Mar 2011
Posts: 5,865
Re: Drummerworld and SSL -- It's time

The port is open on the firewall, but the default Apache page with self-signed is what you get.

Since I don't use this password anywhere else, I'm not that worried about it and other than passwords, I think someone snooping this data stream would be pretty disappointed. If you're going to do it, make sure to redirect http to https or it's pretty useless for anyone but you, me and other folks with IT sec on their minds.
__________________
"I always wanted to be remembered for; being honest. Nothing else is worth a damn." - Lemmy

#3
11-21-2017, 08:01 PM
KamaK
Platinum Member
Join Date: Apr 2014
Location: East Coast
Posts: 5,605
Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by Dr_Watso
> If you're going to do it, make sure to redirect http to https or it's pretty useless for anyone but you, me and other folks with IT sec on their minds.

Indeed, though it's generally best to use a rule instead of a redir, so that the string beyond the domain name is preserved, and all of the links on the board continue working.

Something simple like:


Code:
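    RewriteEngine on
    # Only redirect requests that did not arrive on the HTTPS port
    RewriteCond   %{SERVER_PORT}  !^443$
    # Keep the requested path; the optional leading slash also matches in .htaccess
    RewriteRule ^/?(.*)$ https://www.drummerworld.com/$1 [L,R]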
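
The rule above placed in a complete pair of virtual hosts, as an added example that is not part of the original post or the site's actual configuration. The certificate paths are placeholders, and the bare-domain alias, the permanent (301) status and the HSTS header are assumptions that go beyond what the thread discusses.

```apache
# Plain-HTTP virtual host: its only job is to send visitors to HTTPS.
<VirtualHost *:80>
    ServerName www.drummerworld.com
    # Assumption: the bare domain should also land on the www host.
    ServerAlias drummerworld.com

    RewriteEngine On
    # No RewriteCond is needed here because this vhost only ever sees port 80.
    # $1 carries the requested path; mod_rewrite re-appends the original query
    # string by default, so thread links with ?parameters survive as well.
    # R=301 marks the move as permanent (a bare R sends a temporary 302).
    RewriteRule ^/?(.*)$ https://www.drummerworld.com/$1 [R=301,L]
</VirtualHost>

# HTTPS virtual host: serves the forum itself (requires mod_ssl).
<VirtualHost *:443>
    ServerName www.drummerworld.com

    SSLEngine on
    # Placeholder paths: point these at the issued certificate and its key.
    SSLCertificateFile    /path/to/placeholder/fullchain.pem
    SSLCertificateKeyFile /path/to/placeholder/privkey.pem

    # Assumption (requires mod_headers): tell returning browsers to skip the
    # plain-HTTP hop entirely for the next year.
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
```

Running `apachectl configtest` before reloading catches syntax errors in either block.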

#4
02-09-2018, 09:01 PM
KamaK
Platinum Member
Join Date: Apr 2014
Location: East Coast
Posts: 5,605
Re: Drummerworld and SSL -- It's time

Bernhard,

You going to be ready for July?

https://arstechnica.com/gadgets/2018...as-not-secure/

Ping me if you need a hand.

#5
02-09-2018, 10:07 PM
Dr_Watso
Platinum Member
Join Date: Mar 2011
Posts: 5,865
Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by KamaK
> Bernhard,
>
> You going to be ready for July?
>
> https://arstechnica.com/gadgets/2018...as-not-secure/
>
> Ping me if you need a hand.

The cynic in me thinks that immediately following this update, Google will start selling SSL certs.
__________________
"I always wanted to be remembered for; being honest. Nothing else is worth a damn." - Lemmy

#6
02-10-2018, 02:45 AM
KamaK
Platinum Member
Join Date: Apr 2014
Location: East Coast
Posts: 5,605
Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by Dr_Watso
> The cynic in me thinks that immediately following this update, Google will start selling SSL certs.

Indeed.

Luckily, enough cynics felt this way a few years back and created their own CA.

http://www.cacert.org/

#7
02-10-2018, 02:55 AM
Pocket-full-of-gold
Platinum Member
Join Date: Sep 2009
Location: Melbourne, Australia.
Posts: 11,188
Re: Drummerworld and SSL -- It's time

There are times when I'm privy to a discussion and feel nothing but an utter friggen' moron.

This is one of those times.

#8
02-10-2018, 03:23 AM
Dr_Watso
Platinum Member
Join Date: Mar 2011
Posts: 5,865
Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by Pocket-full-of-gold
> There are times when I'm privy to a discussion and feel nothing but an utter friggen' moron.
>
> This is one of those times.

As simplified as I can, since it's an important topic, and maybe you'll find it interesting. It's certainly more complicated than I'll make it out to be, and please feel free to ask questions if you like.

Websites that begin with "https://www.example.com" rather than the regular http are "secured" by utilizing a tech called SSL, which is what KamaK is talking about for DW.

Think of SSL kind of like "pig latin". Two people can communicate without using real English, but still understand each other on the basis that they both realize you just re-arrange the letters to each word in a set way. If an outsider who doesn't have the "code" tries to listen in, say a small child who hasn't figured it out yet, they'll be confused.

That's a long way of saying it's a literal cipher key. Just like radio cipher or my previous example of the "pig latin" code, using SSL/HTTPS can help prevent a nefarious fellow who's trying to listen in on the data exchange and get passwords, or what have you.

Since we don't exchange credit card numbers or do business on this site, it's not that big of a deal, but using it is certainly best practice and helps with security.
__________________
"I always wanted to be remembered for; being honest. Nothing else is worth a damn." - Lemmy

#9
02-10-2018, 03:29 AM
Dr_Watso
Platinum Member
Join Date: Mar 2011
Posts: 5,865
Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by KamaK
> Indeed.
>
> Luckily, enough cynics felt this way a few years back and created their own CA.
>
> http://www.cacert.org/

Hey, that's cool! Thanks!

I don't think I would trust it as much for something critical, but for general use like this that's neat!
__________________
"I always wanted to be remembered for; being honest. Nothing else is worth a damn." - Lemmy

#10
02-10-2018, 07:48 AM
KamaK
Platinum Member
Join Date: Apr 2014
Location: East Coast
Posts: 5,605
Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by Dr_Watso
> I don't think I would trust it as much for something critical, but for general use like this that's neat!

On the flip side, we can trust that Verisign/Symantec/Thawte/Entrust trusts their customers just enough to be willing to take their money. Sigh, the uncanny intermingling of capitalism and privacy... I guess it's hard to complain with my mouth full.

#11
02-12-2018, 05:23 PM
Jeremy Bender
Platinum Member
Join Date: Jul 2007
Location: Gulf Coast USA
Posts: 3,151
Re: Drummerworld and SSL -- It's time

I don't understand what any of this means. Is the future use of this forum in danger of a security breach to our own computers? Will we start having to pay to be members?
Thanks. I know very little about these things.

#12
02-12-2018, 07:37 PM
KamaK
Platinum Member
Join Date: Apr 2014
Location: East Coast
Posts: 5,605
Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by Jeremy Bender
> I don't understand what any of this means. Is the future use of this forum in danger of a security breach to our own computers? Will we start having to pay to be members?
> Thanks. I know very little about these things.

Ultimately, it means that anyone on your local network or anyone on DWorld's network can see anything you submit to the site, and know what you've been looking at. It also means that any DW data passing through your ISP is automatically being routed through a mystery closet and analyzed by the NSA.

(no, really, not being paranoid or making this up, there really is a government closet at your ISP analyzing absolutely everything you see and post).

Not an issue for 95% of the content here, but this includes your user/password and PMs.

#13
02-12-2018, 08:03 PM
Dr_Watso
Platinum Member
Join Date: Mar 2011
Posts: 5,865
Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by KamaK
> Not an issue for 95% of the content here, but this includes your user/password and PMs.

Yep, this is really the only "worry". People often use similar username and password combos on multiple sites, so the fact that someone can snoop our passwords on this site as we use them could be an issue for some.

For the time being, everyone reading this should make sure the password they use here is not the same as one for something critical or financial.
__________________
"I always wanted to be remembered for; being honest. Nothing else is worth a damn." - Lemmy

#14
02-12-2018, 08:05 PM
Dr_Watso
Platinum Member
Join Date: Mar 2011
Posts: 5,865
Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by KamaK
> On the flip side, we can trust that Verisign/Symantec/Thawte/Entrust trusts their customers just enough to be willing to take their money. Sigh, the uncanny intermingling of capitalism and privacy... I guess it's hard to complain with my mouth full.

I almost stated such in my response, but meh.

I think I only feel "safer" because we're paying for it with the big providers. Makes me feel like they will have better, more secure and more redundant/consistent service. If that's true or not is hard to say in the grand scheme, but at least I can sue!
__________________
"I always wanted to be remembered for; being honest. Nothing else is worth a damn." - Lemmy

#15
02-13-2018, 07:05 AM
DrumEatDrum
Platinum Member
Join Date: Jan 2009
Location: Los Angeles, CA
Posts: 9,202
Re: Drummerworld and SSL -- It's time

I'd settle for not using the same 10-year-old version of vBulletin and adding some modern features around here.

I love this forum, but it's stuck in internet past.

#16
02-13-2018, 07:59 PM
Jeremy Bender
Platinum Member
Join Date: Jul 2007
Location: Gulf Coast USA
Posts: 3,151
Re: Drummerworld and SSL -- It's time

What if you use "incognito" mode on Chrome?

#17
02-13-2018, 08:03 PM
Dr_Watso
Platinum Member
Join Date: Mar 2011
Posts: 5,865
Re: Drummerworld and SSL -- It's time

Quote:
Originally Posted by Jeremy Bender
> What if you use "incognito" mode on Chrome?

All that does is prevent your computer from storing info locally on the hard drive about visited sites and all that jazz.

It does not change the fact that passwords here are sent to the server unencrypted and "snoopable". Please don't use common passwords here and change any passwords that you share with this site and others.
__________________
"I always wanted to be remembered for; being honest. Nothing else is worth a damn." - Lemmy

#18
02-13-2018, 09:54 PM
T.Underhill
Pioneer Member
Join Date: Oct 2005
Location: MD
Posts: 1,877
Re: Drummerworld and SSL -- It's time

This is what your Internet traffic would look like when you log in to the site via http not https. The username and password are shown in "clear text", meaning readable to whoever is capturing your traffic. I know this has been stated, but the visual is interesting. This traffic is likely to only be compromised if you're on a public network like an open WiFi connection.
Attached Images
 
Powered by vBulletin® Version 3.8.0
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Bernhard Castiglioni's DRUMMERWORLD.com