I already posted this in the Simu forums, as well, but I wanted to post here as well as a general PSA to DR players in particular.
Subject line says it all.
I thought this was just the forum login screen at first, but it looks most of the site doesn't force HTTPS on the user (it should!), many pages that have logins do this as well – from http://www.play.net/dr/ to http://www.play.net/remote/login.asp – so if you didn't click one of the few links that does have https hard set you're never on an HTTPS connection, and even when you're no HTTPS the site is pulling non-HTTPS assets.
Uzmam! The Chairman will NOT be pleased to know you're trying to build outside of approved zones. I'd hate for you to be charged the taxes needed to have this place re-zoned. Head for the manor if you're feeling creative.
TEVESHSZAT
TOTLIIO
Re: Entire play.net isn't HTTPS compliant
04/28/2017 11:34 AM CDT
Have you looked at these forums? You want SSL Compliance? How about a modern format? lol.
TEVESHSZAT
Re: Entire play.net isn't HTTPS compliant
04/28/2017 11:58 AM CDT
IMO forcing HTTPS is a lot easier than redoing an entire forum's infrastructure
Uzmam! The Chairman will NOT be pleased to know you're trying to build outside of approved zones. I'd hate for you to be charged the taxes needed to have this place re-zoned. Head for the manor if you're feeling creative.
Uzmam! The Chairman will NOT be pleased to know you're trying to build outside of approved zones. I'd hate for you to be charged the taxes needed to have this place re-zoned. Head for the manor if you're feeling creative.
BADGOPHER
Re: Entire play.net isn't HTTPS compliant
04/28/2017 01:28 PM CDT
As someone who deployed ssl to devices not envisioned to run it, last year, don't undersell how obnoxious it is.
TEVESHSZAT
Re: Entire play.net isn't HTTPS compliant
04/28/2017 02:38 PM CDT
>>As someone who deployed ssl to devices not envisioned to run it, last year, don't undersell how obnoxious it is.
So let's start simple and ask to literally have the login link be one that's https by default.
Uzmam! The Chairman will NOT be pleased to know you're trying to build outside of approved zones. I'd hate for you to be charged the taxes needed to have this place re-zoned. Head for the manor if you're feeling creative.
So let's start simple and ask to literally have the login link be one that's https by default.
Uzmam! The Chairman will NOT be pleased to know you're trying to build outside of approved zones. I'd hate for you to be charged the taxes needed to have this place re-zoned. Head for the manor if you're feeling creative.
TOTLIIO
Re: Entire play.net isn't HTTPS compliant
04/28/2017 02:51 PM CDT
>>As someone who deployed ssl to devices not envisioned to run it, last year, don't undersell how obnoxious it is.
Yes I would say this is the right answer. I dont disagree the lack of security on this site is concerning to say the least, though. an SSL cert might play nice, it might not. This site was made in, oh, what, 2001?
TEVESHSZAT
Re: Entire play.net isn't HTTPS compliant
04/28/2017 03:57 PM CDT
>>Yes I would say this is the right answer. I dont disagree the lack of security on this site is concerning to say the least, though. an SSL cert might play nice, it might not. This site was made in, oh, what, 2001?
The site HAS SSL. https://www.play.net works (although the images linked on it aren't from https links themselves so it isn't 100% golden but still).
The site just never really forces someone to be on HTTPS instead of HTTP.
https://www.play.net/dr/signin_needed.asp works (this is good)
http://www.play.net/dr/signin_needed.asp also works (this is bad)
Uzmam! The Chairman will NOT be pleased to know you're trying to build outside of approved zones. I'd hate for you to be charged the taxes needed to have this place re-zoned. Head for the manor if you're feeling creative.
The site HAS SSL. https://www.play.net works (although the images linked on it aren't from https links themselves so it isn't 100% golden but still).
The site just never really forces someone to be on HTTPS instead of HTTP.
https://www.play.net/dr/signin_needed.asp works (this is good)
http://www.play.net/dr/signin_needed.asp also works (this is bad)
Uzmam! The Chairman will NOT be pleased to know you're trying to build outside of approved zones. I'd hate for you to be charged the taxes needed to have this place re-zoned. Head for the manor if you're feeling creative.
BADGOPHER
Re: Entire play.net isn't HTTPS compliant
04/28/2017 05:14 PM CDT
>The site just never really forces someone to be on HTTPS instead of HTTP.
That checkbox is in fact the problem, yes. It's not as simple as you're selling it, especially since these forums are...well, these forums.
That checkbox is in fact the problem, yes. It's not as simple as you're selling it, especially since these forums are...well, these forums.
TEVESHSZAT
Re: Entire play.net isn't HTTPS compliant
04/28/2017 07:39 PM CDT
>>It's not as simple as you're selling it, especially since these forums are...well, these forums.
sorry; I refuse to believe that it is "too hard" to force HTTPS on all login pages, given they do it on some login pages.
Uzmam! The Chairman will NOT be pleased to know you're trying to build outside of approved zones. I'd hate for you to be charged the taxes needed to have this place re-zoned. Head for the manor if you're feeling creative.
sorry; I refuse to believe that it is "too hard" to force HTTPS on all login pages, given they do it on some login pages.
Uzmam! The Chairman will NOT be pleased to know you're trying to build outside of approved zones. I'd hate for you to be charged the taxes needed to have this place re-zoned. Head for the manor if you're feeling creative.
BADGOPHER
Re: Entire play.net isn't HTTPS compliant
04/28/2017 09:54 PM CDT
>sorry; I refuse to believe that it is "too hard" to force HTTPS on all login pages, given they do it on some login pages.
Then, to be honest, I'm going to assume you don't know what you're doing.
Then, to be honest, I'm going to assume you don't know what you're doing.
TEVESHSZAT
Re: Entire play.net isn't HTTPS compliant
04/29/2017 01:35 AM CDT
>>Then, to be honest, I'm going to assume you don't know what you're doing
I'm not sure why you feel it is worth debating the fact that sometimes login pages on this site do force HTTPS so I would like all login pages to do that, or that some links on HTTP pages do go to HTTPS login pages, so I once again would like that for all those links, but I value your contributions which have led to a more positive goal of something I am sure will be of value once I know what point you're trying to make beyons saying you make web something go good so clearly my "please make the thing you're already doing more consistent" is totally unreasonable.
Uzmam! The Chairman will NOT be pleased to know you're trying to build outside of approved zones. I'd hate for you to be charged the taxes needed to have this place re-zoned. Head for the manor if you're feeling creative.
I'm not sure why you feel it is worth debating the fact that sometimes login pages on this site do force HTTPS so I would like all login pages to do that, or that some links on HTTP pages do go to HTTPS login pages, so I once again would like that for all those links, but I value your contributions which have led to a more positive goal of something I am sure will be of value once I know what point you're trying to make beyons saying you make web something go good so clearly my "please make the thing you're already doing more consistent" is totally unreasonable.
Uzmam! The Chairman will NOT be pleased to know you're trying to build outside of approved zones. I'd hate for you to be charged the taxes needed to have this place re-zoned. Head for the manor if you're feeling creative.
DEFOL
Re: Entire play.net isn't HTTPS compliant
04/29/2017 02:40 AM CDT
<< The fact that this has become some kind of bizarre debate boggles the mind
It's a fair suggestion to say the least. The only thing that boggles my mind is that they haven't done this already as they apparently have the HTTPS site up and running. I don't know what kind of ancient web servers SIMU is running but a simple redirect from HTTP to HTTPS shouldn't be too difficult to achieve.
It's a fair suggestion to say the least. The only thing that boggles my mind is that they haven't done this already as they apparently have the HTTPS site up and running. I don't know what kind of ancient web servers SIMU is running but a simple redirect from HTTP to HTTPS shouldn't be too difficult to achieve.
DISCOTEQ21
Re: Entire play.net isn't HTTPS compliant
05/03/2017 07:33 PM CDT
TEVESHSZAT
Re: Entire play.net isn't HTTPS compliant
05/07/2017 09:44 AM CDT
>>Then, to be honest, I'm going to assume you don't know what you're doing.
As an update, and despite my clear inability to know what I was actually requesting, you are now forced to go to an HTTPS page when logging into the forums.
Thank you, Simu-Myke!
Uzmam! The Chairman will NOT be pleased to know you're trying to build outside of approved zones. I'd hate for you to be charged the taxes needed to have this place re-zoned. Head for the manor if you're feeling creative.
As an update, and despite my clear inability to know what I was actually requesting, you are now forced to go to an HTTPS page when logging into the forums.
Thank you, Simu-Myke!
Uzmam! The Chairman will NOT be pleased to know you're trying to build outside of approved zones. I'd hate for you to be charged the taxes needed to have this place re-zoned. Head for the manor if you're feeling creative.
BADGOPHER
Re: Entire play.net isn't HTTPS compliant
05/07/2017 10:37 AM CDT
If you wake up in the morning, and encounter a jerk, he's a jerk.
If, during the day, you encounter nothing but jerks, you're Tev.
You could have chosen to post something like 'Simu Mike has added this, and said it wasn't as difficult as expected'. But no, you had to have the last word, to be better, smarter, whatever, than someone.
You're not a very good person, Tev. You play one on TV, but god is your ego insane.
If, during the day, you encounter nothing but jerks, you're Tev.
You could have chosen to post something like 'Simu Mike has added this, and said it wasn't as difficult as expected'. But no, you had to have the last word, to be better, smarter, whatever, than someone.
You're not a very good person, Tev. You play one on TV, but god is your ego insane.
ISHARON
Re: Entire play.net isn't HTTPS compliant
05/07/2017 03:12 PM CDT
>>you are now forced to go to an HTTPS page when logging into the forums.
I assume this is related to the recent login change, but for the last few days, logging out hasn't worked properly in Firefox. When I click Logout and select either option, it appears to log me out. However, when I click Login, it immediately logs me back into the previously used account without even prompting me for an account name or password.
The only way to actually log out is to delete cookies from Play.net.
Mr. Gorbachev, tear down this wall rank!
Paladin new player guide: https://elanthipedia.play.net/mediawiki/index.php/Paladin_new_player_guide
armor and shields: https://elanthipedia.play.net/mediawiki/index.php/Armor_and_shield_player_guide
I assume this is related to the recent login change, but for the last few days, logging out hasn't worked properly in Firefox. When I click Logout and select either option, it appears to log me out. However, when I click Login, it immediately logs me back into the previously used account without even prompting me for an account name or password.
The only way to actually log out is to delete cookies from Play.net.
Mr. Gorbachev, tear down this wall rank!
Paladin new player guide: https://elanthipedia.play.net/mediawiki/index.php/Paladin_new_player_guide
armor and shields: https://elanthipedia.play.net/mediawiki/index.php/Armor_and_shield_player_guide
DR-HELJE
Re: Entire play.net isn't HTTPS compliant ::NUDGE::
05/07/2017 06:43 PM CDT
This isn't a conflict folder. Please post in The Social Side of DragonRealms < Conflicts - Strictly Out of Character if you feel the need to continue.
Thanks,
Helje
DragonRealms Senior Board Moderator
Thanks,
Helje
DragonRealms Senior Board Moderator
CZAR88
Re: Entire play.net isn't HTTPS compliant
05/16/2017 08:17 AM CDT
Wow, if I thought it was so simple to get the login to use HTTPS I would've brought it up before. It's been bugging me for a long time. Thanks for bringing it up TEVESHSZAT, and thanks for fixing it Simu-Myke!
SILVEROS
Re: Entire play.net isn't HTTPS compliant
09/26/2018 09:07 AM CDT
Well something is super buggy now. No pages are accessible. It keeps telling me the host is declining anyone trying to navigate there. Gwend
