36,925 bells
» Site Suggestions Board
Topic: A more secure ACC

Page of 1

Last Active
6/2 2:00am
GavinGoneGlobal wrote:
"ACC does not use HTTPS, so, if you're on a public WiFi network, or if you have a virus on your device, it would be easier for an attacker to read your login information.

ACC has never used HTTPS before, so it's not a "new security issue", so not exactly a worry. The only difference is that the latest iOS update adds this warning if it guesses that there's a login form on the page. The "User Name Lookup" triggers it if you focus on it, as well as a few other pages."
I don't really have much to lose by someone finding out my login here, but for members who use ACC on public WiFi and don't come up original passwords, it would be beneficial to have ACC secured.

With HTTPS now being fairly standard for webpages, we should consider making ACC secure if that's not already planned for ACC 2.0.
w a s h   y o u r   h a n d s
Bells: 1,319,470 Catalog: 0 Feedback: 0 WiFi:  (35) Patterns: 2  
Last Active
7/8 5:59pm
It is planned and on the SFQ board. As of now there's no schedule on it so I'm not sure if it will be a part of ACC 2.0 but it's certainly in the plans.
Let's go Gophers! Ski-U-Mah!
Sorry, I don't accept random FCRs.
Bells: 1,954,880 Catalog: 68 Feedback: 6 WiFi:  (40) Patterns: 6  
Last Active
7/7 9:02pm
Yes, unfortunately there is no version of IIS that is both old enough to support many of the language features we rely on and new enough to be easily configurable for HTTPS. So it's something that's not really possible at the moment.

I suppose we could set up a reverse proxy, but I'm not a big fan of that because it falsely indicates that the site is "fully secure". It would protect against bad actors local to users (e.g. on public Wi-Fi networks or with nosey ISPs), but on the other side of the proxy we would be funnelling all requests through a single unsecure channel, so it would actually be easier than it is now for someone to intercept all traffic from all users. Also, it would require Jader to change DNS settings, and getting him to be online at a convenient time is its own problem.

ACC 2.0 will be fully protected with HTTPS.
There's no place like
Bells: 996,200 Catalog: 0 Feedback: 0 WiFi:  (46) Patterns: 4  
Site Suggestions Board » Topic: A more secure ACC

Page of 1

Legend:   Site Owner    Administrator    Moderator    Researcher    Developer    Scout    New Member   Honorary Citizen   Birthday