Paging Professor (HTTPS implementation) - http://www.mmcafe.com/ Forums


Original message (659 Views )


user profileedit/delete message
PSN: n/a
XBL: n/a
Wii: NNID:sfried
STM: n/a
CFN: n/a
Red Carpet Premium Member




"Paging Professor (HTTPS implementation)" , posted Sat 16 May 19:12post reply

Is there any possibility MMCafeBBS could implement HTTPS, or would this break the preexisting board?

My only concern is website security has become a growing concern, and its now easier than ever for credentials to get leaked online.






Replies:
Professor
5765th Post



user profileedit/delete message
MMCafe Owner


"Re(1):Paging Professor (HTTPS implementation)" , posted Sat 16 May 20:13:post reply

quote:
Is there any possibility MMCafeBBS could implement HTTPS, or would this break the preexisting board?

My only concern is website security has become a growing concern, and its now easier than ever for credentials to get leaked online.



HTTPS can be implemented to the MMCafe.
However it will most certainly break this old BBS, so unfortunately I haven't done it yet


It's experimental, but I've implemented SSL/HTTPS to the MMCafe and the BBS.
You can test it out here.





[this message was edited by Professor on Sun 17 May 01:25]



user profileedit/delete message
PSN: n/a
XBL: n/a
Wii: NNID:sfried
STM: n/a
CFN: n/a
Red Carpet Premium Member




"Re(2):Paging Professor (HTTPS implementation)" , posted Sun 17 May 02:01post reply

quote:
HTTPS can be implemented to the MMCafe.
However it will most certainly break this old BBS, so unfortunately I haven't done it yet


It's experimental, but I've implemented SSL/HTTPS to the MMCafe and the BBS.
You can test it out here.

This is working perfectly fine so far. Connection is secure and my HTTPS seems to be functional!

I'm waiting to hear back from other members if this is working for them as well. I will try other devices/computers in the meantime to doublecheck.







user profileedit/delete message
PSN: zonepharaoh
XBL: n/a
Wii: n/a
STM: n/a
CFN: zonepharaoh
Platinum Carpet V.I.P- Board Master





"Re(3):Paging Professor (HTTPS implementation)" , posted Sun 17 May 03:25post reply

It worked for me on mobile, both in this thread and in an ancient one I tried as a test! Nice job, Prof! Iíll try on a computer later.

...although if https ever caused us to have to leave this beautiful 90s analogue in favor of some reddit-looking hell, Iíd lose my grip!

...

...

Itís quite possible that the Cafe and its attractive design and usability (no endless sub-tab opening or loading of twitter style invisible replies) is the only thing thatís kept me from abandoning the internet entirely!





人間はいつも私を驚かせてくれる。不思議なものだな、人間という存在は...
Professor
5766th Post



user profileedit/delete message
MMCafe Owner


"Re(4):Paging Professor (HTTPS implementation)" , posted Sun 17 May 10:07:post reply

quote:
It worked for me on mobile, both in this thread and in an ancient one I tried as a test! Nice job, Prof! Iíll try on a computer later.



Cool! Did either of you need to retype your logins or anything, or was it like just as usual?





[this message was edited by Professor on Sun 17 May 10:11]



user profileedit/delete message
PSN: n/a
XBL: n/a
Wii: Switch:SW-3634-5515-7312
STM: n/a
CFN: n/a
Red Carpet Premium Member




"Re(5):Paging Professor (HTTPS implementation)" , posted Sun 17 May 10:19:post reply

quote:
It worked for me on mobile, both in this thread and in an ancient one I tried as a test! Nice job, Prof! Iíll try on a computer later.


Cool! Did either of you need to retype your logins or anything, or was it like just as usual?

It's just like the usual, actually. Nothing seems to be broken, or at least from what I could tell.

Speaking of which, I was also wondering if enhanced password security would be something that could be implemented in the (hopefully very near) future, as well. Was thinking support for more complex passwords (special characters and the like) and an opt-in for 2-factor authentication (with support for authenticator apps like Google Authenticator and Authy), but it might be asking too much from such a close-knit board, not to mention the amount of people who would be ticked-off with the need for 2FA. Considering what's been happing though with more online accounts getitng hacked, it would be prudent to tighten or at least upgrade security a bit.

I'd like to hear from the community at the very least. Especially with more people at home due to the circumstance and with more people active online, it's something we should at least look into.





[this message was edited by sfried on Sun 17 May 10:30]

Professor
5766th Post



user profileedit/delete message
MMCafe Owner


"Re(6):Paging Professor (HTTPS implementation)" , posted Sun 17 May 11:38post reply

quote:
Speaking of which, I was also wondering if enhanced password security would be something that could be implemented in the (hopefully very near) future, as well. Was thinking support for more complex passwords (special characters and the like) and an opt-in for 2-factor authentication (with support for authenticator apps like Google Authenticator and Authy), but it might be asking too much from such a close-knit board, not to mention the amount of people who would be ticked-off with the need for 2FA.


2 factor authentification is too much to implement on this old BBS. I would suggest that you follow for the MMCafe BBS the very same fundamental rule when using any service on the Internet: don't use the same password anywhere else. To note, this BBS really doesn't keep any private data except for the registration mail address, which if you are concerned I can delete from your account.







user profileedit/delete message
PSN: n/a
XBL: n/a
Wii: Switch:SW-3634-5515-7312
STM: n/a
CFN: n/a
Red Carpet Premium Member




"Re(7):Paging Professor (HTTPS implementation)" , posted Sun 17 May 12:04post reply

quote:
2 factor authentification is too much to implement on this old BBS. I would suggest that you follow for the MMCafe BBS the very same fundamental rule when using any service on the Internet: don't use the same password anywhere else. To note, this BBS really doesn't keep any private data except for the registration mail address, which if you are concerned I can delete from your account.


Guess I'll just have to exercise extra caution then. At least HTTPS is now implemented so that's a good step up.







user profileedit/delete message
Platinum Carpet V.I.P- Board Master





"Re(8):Paging Professor (HTTPS implementation)" , posted Sun 17 May 15:38post reply

I used to use a different email account for this forum, but given that this forum doesn't have our SSNs, billing information, or other personal contact information, there's really very little that a successful breach of the site's database could meaningfully give anybody. As the Professor says, about the most valuable thing something could maybe get from here is a password associated with an email account, but that's only much of a problem if you use that same password or a minor variation of it elsewhere.





Professor
5770th Post



user profileedit/delete message
MMCafe Owner


"Re(9):Paging Professor (HTTPS implementation)" , posted Sun 17 May 15:45:post reply

Just a quick update, I've checked the SSL/HTTPS on mobile and it seems to be working there as well.





[this message was edited by Professor on Sun 17 May 16:07]



user profileedit/delete message
PSN: n/a
XBL: n/a
Wii: Switch:SW-3634-5515-7312
STM: n/a
CFN: n/a
Red Carpet Premium Member




"Re(10):Paging Professor (HTTPS implementation" , posted Sun 17 May 21:10:post reply

Testing to see why certain avatars appear broken. Hmm.

Edit: Seems to me any avi's not hosted within the site get shown as "Unsecure connections" and thus my browser automatically blocks it. Results may very depending on how strict your browser is regarding 3rd party embedded elements.





[this message was edited by sfried on Sun 17 May 21:12]

Professor
5771th Post



user profileedit/delete message
MMCafe Owner


"Re(2):Re(10):Paging Professor (HTTPS implemen" , posted Sun 17 May 21:59:post reply

quote:
Testing to see why certain avatars appear broken. Hmm.

Edit: Seems to me any avi's not hosted within the site get shown as "Unsecure connections" and thus my browser automatically blocks it. Results may very depending on how strict your browser is regarding 3rd party embedded elements.



I was actually tinkering with this today-- External avatars and sigtags have been mirrored to the MMCafe server and should now display correctly (*but only when using the Expresso viewer)





[this message was edited by Professor on Mon 18 May 00:03]



user profileedit/delete message
PSN: zonepharaoh
XBL: n/a
Wii: n/a
STM: n/a
CFN: zonepharaoh
Platinum Carpet V.I.P- Board Master





"Re(3):Re(10):Paging Professor (HTTPS implemen" , posted Mon 18 May 00:27:post reply

I have entered...the Grid. A digital frontier. Ah, I mean I have entered HTTPS Super Dimensional Space Fortress MMCafe via a PC this time, and can confirm that there was no need to log in again and things were working fine as long as I was in Expresso mode. Once I swapped to Classic mode (even within the MMC retro aesthetic, I prefer the most retro version possible), some avatars did indeed disappear, and the site connection was no longer secure. So it means that people -not- viewing in Expresso mode will suddenly stop seeing a lot of avatars. Broken Avatar Club is making a comeback!





人間はいつも私を驚かせてくれる。不思議なものだな、人間という存在は...

[this message was edited by Maou on Mon 18 May 00:31]

Professor
5779th Post



user profileedit/delete message
MMCafe Owner


"Re(4):Re(10):Paging Professor (HTTPS implemen" , posted Mon 18 May 11:33:post reply

quote:
I have entered...the Grid. A digital frontier. Ah, I mean I have entered HTTPS Super Dimensional Space Fortress MMCafe via a PC this time, and can confirm that there was no need to log in again and things were working fine as long as I was in Expresso mode. Once I swapped to Classic mode (even within the MMC retro aesthetic, I prefer the most retro version possible), some avatars did indeed disappear, and the site connection was no longer secure. So it means that people -not- viewing in Expresso mode will suddenly stop seeing a lot of avatars. Broken Avatar Club is making a comeback!



Yeah, the external site avatars will disappear if you're viewing via classic mode in HTTPS-- it won't disappear in regular HTTP viewing!

It took about 2 days of various tweaking but I think the BBS and site itself is working relatively stable now with SSL. Some BBS Post-icons will break when a new reply goes up, but it'll fix itself on the next post/update after that so don't worry.





[this message was edited by Professor on Mon 18 May 17:16]

neo0r0chiaku
576th Post



user profileedit/delete message
PSN: ShikyohMukuro
XBL: IAMDC1
Wii: n/a
STM: N/A
CFN: n/a
New Red Carpet Member



"Re(5):Re(10):Paging Professor (HTTPS implemen" , posted Wed 20 May 09:41post reply

quote:
I have entered...the Grid. A digital frontier. Ah, I mean I have entered HTTPS Super Dimensional Space Fortress MMCafe via a PC this time, and can confirm that there was no need to log in again and things were working fine as long as I was in Expresso mode. Once I swapped to Classic mode (even within the MMC retro aesthetic, I prefer the most retro version possible), some avatars did indeed disappear, and the site connection was no longer secure. So it means that people -not- viewing in Expresso mode will suddenly stop seeing a lot of avatars. Broken Avatar Club is making a comeback!


Yeah, the external site avatars will disappear if you're viewing via classic mode in HTTPS-- it won't disappear in regular HTTP viewing!

It took about 2 days of various tweaking but I think the BBS and site itself is working relatively stable now with SSL. Some BBS Post-icons will break when a new reply goes up, but it'll fix itself on the next post/update after that so don't worry.


Everything is working fine on my end. Phone, tablet, desktop. I don't think I am using classic mode though. Glad you tweaked to for some security. Just keep in mind SSL is phasing out. TLS 1.2 and above will be the standard now.





Long Live I AM!
Professor
5782th Post



user profileedit/delete message
MMCafe Owner


"Re(6):Re(10):Paging Professor (HTTPS implemen" , posted Wed 20 May 12:16:post reply

quote:
I have entered...the Grid. A digital frontier. Ah, I mean I have entered HTTPS Super Dimensional Space Fortress MMCafe via a PC this time, and can confirm that there was no need to log in again and things were working fine as long as I was in Expresso mode. Once I swapped to Classic mode (even within the MMC retro aesthetic, I prefer the most retro version possible), some avatars did indeed disappear, and the site connection was no longer secure. So it means that people -not- viewing in Expresso mode will suddenly stop seeing a lot of avatars. Broken Avatar Club is making a comeback!


Yeah, the external site avatars will disappear if you're viewing via classic mode in HTTPS-- it won't disappear in regular HTTP viewing!

It took about 2 days of various tweaking but I think the BBS and site itself is working relatively stable now with SSL. Some BBS Post-icons will break when a new reply goes up, but it'll fix itself on the next post/update after that so don't worry.

Everything is working fine on my end. Phone, tablet, desktop. I don't think I am using classic mode though. Glad you tweaked to for some security. Just keep in mind SSL is phasing out. TLS 1.2 and above will be the standard now.



Thanks for the reminder-- I need to correct myself and say that MMCafe is working with TLS now (1.2 as of current), not SSL!

Edit: Forgot to mention, the site doesn't force HTTPS connection to users on classic mode, so if you're jumping from an old bookmark you'll still be seeing the site in HTTP connection. It reroutes for Expresso mode though.





[this message was edited by Professor on Wed 20 May 17:35]



user profileedit/delete message
PSN: zonepharaoh
XBL: n/a
Wii: n/a
STM: n/a
CFN: zonepharaoh
Platinum Carpet V.I.P- Board Master





"Re(7):Re(10):Paging Professor (HTTPS implemen" , posted Wed 20 May 18:36post reply

quote:
HTTPS Super Dimensional Space Fortress MMCafe
Super-cool, Prof! Itís so great of you to do this so quicklyóthank you. As Spoonís Tales of MMC from the messy writing thread remind us, patrons here enjoy the most thoughtful service on the entire internet!





人間はいつも私を驚かせてくれる。不思議なものだな、人間という存在は...