It is currently Tue Jan 28, 2020 4:10 am

All times are UTC - 6 hours




Post new topic Reply to topic  [ 51 posts ]  Go to page Previous  1, 2, 3, 4
Author Message
 
PostPosted: Sun Jan 05, 2020 2:41 pm 
Offline
User avatar

Joined: Tue Aug 30, 2011 5:39 pm
Posts: 2944
Location: Kinlochleven
Nanohedron wrote:
I've never seen much reason to use Active Topics, and I usually leave it alone.

Since it's pretty well the only way for anyone with an across-the-board interest (multiple forums) to monitor recent activity from one place, it's my default and basically sole gateway to C&F and I've never understood how anyone manages without it unless they're literally only interested in flutes, uilleann pipes or whatever!

_________________
And we in dreams behold the Hebrides.

Why I teach... and where
Master of nine?


Top
 Profile  
Reply with quote  
 
PostPosted: Sun Jan 05, 2020 3:38 pm 
Offline
Moderatorer
User avatar

Joined: Wed Dec 18, 2002 6:00 pm
Posts: 34988
Location: Minneapolis
Peter Duggan wrote:
Nanohedron wrote:
I've never seen much reason to use Active Topics, and I usually leave it alone.

Since it's pretty well the only way for anyone with an across-the-board interest (multiple forums) to monitor recent activity from one place, it's my default and basically sole gateway to C&F and I've never understood how anyone manages without it unless they're literally only interested in flutes, uilleann pipes or whatever!

Here's how it works for me: I start from the Index Page, because it already tells me if there's activity. True, it's nonspecific; I'll only know that Forum X has at least one new post. So I open the Forum X page, which for me is rather like opening a package, and the first thing I take in is the lay of the land. Same with threads. I might even learn something from seeing the timing of new posts in the context of their surroundings, which can be useful in informing a mod's judgment in certain circumstances. Seldom as that might be, it's still information, and the more information I have at a glance, the better I like it.

I suppose you could call it a panoramic approach, for lack of a better word...

_________________
"Time is the wisest counselor of all." - Pericles

"I remain not entirely convinced of it." - Nano


Top
 Profile  
Reply with quote  
 
PostPosted: Sun Jan 05, 2020 7:16 pm 
Offline

Joined: Sun Dec 05, 2010 2:59 pm
Posts: 1019
Location: Southwestern Ontario
Nanohedron wrote:
So am I to understand that even though Active Topics is HTTP, in this case it doesn't matter, because the login was via HTTPS and that covers everything?
No, not exactly. Using HTTPS for the login page encrypts only the login, protecting your password. If you then switch to HTTP for browsing, be it through Active Topics at http://forums.chiffandfipple.com/search.php?search_id=active_topics, or the index page at http://forums.chiffandfipple.com/index.php, or whatever, then your browsing is not encrypted; anyone else on the coffee shop WiFi can watch the deepest wisdom of C&F go by if they have the necessary software.


Top
 Profile  
Reply with quote  
 
PostPosted: Sun Jan 05, 2020 10:21 pm 
Offline
Moderatorer
User avatar

Joined: Wed Dec 18, 2002 6:00 pm
Posts: 34988
Location: Minneapolis
Okay, got it. Thanks.

Tunborough wrote:
... [then] anyone else on the coffee shop WiFi can watch the deepest wisdom of C&F go by if they have the necessary software.

Casting our bread upon the waters, eh? Hmm. An enviable bounty plus free marketing ... I can picture the spammers now.

_________________
"Time is the wisest counselor of all." - Pericles

"I remain not entirely convinced of it." - Nano


Top
 Profile  
Reply with quote  
 
PostPosted: Mon Jan 06, 2020 2:51 am 
Offline

Joined: Wed Jun 06, 2012 6:23 am
Posts: 398
Location: Europe and Japan
Tunborough wrote:
Turns out, you can login via HTTPS, at https://forums.chiffandfipple.com/ucp.php?mode=login, then continue your browsing via HTTP, at http://forums.chiffandfipple.com/search.php?search_id=active_topics, and still be logged in. This keeps your password secret, but avoids the problem with the missing avatars, for what it's worth.
Unfortunately it's not entirely safe. It does protect your plain-text password, but when you're logged in there's a cookie sent from your computer to the server, and with HTTP that one's in plaintext too. It's not as problematic as with the password, because anyone with nearly zero knowledge could get your login credentials by watching your password with the simplest of tools, while they would have to be slightly more sophisticated to see how to (mis-)use your cookie (not that it's difficult: Copy it and let your browser serve it - and you're "me" - the tricky part is to understand how to copy it into your browser's cookie jar).

So yes, logging in with HTTPS and continuing with HTTP is far better than only HTTP, but it doesn't protect you from the dedicated ones. Only from the rabble. Which is probably fine for C&F, *except* for the moderators - you guys should use HTTPS all the time, if someone gets hold of your login (or already-logged in session, as it were, with the cookie approach), they can do lots of damage, e.g. sabotage, banning people left and right, maybe they could even ban other moderators.


Top
 Profile  
Reply with quote  
 
PostPosted: Mon Jan 06, 2020 1:40 pm 
Offline
Moderatorer
User avatar

Joined: Wed Dec 18, 2002 6:00 pm
Posts: 34988
Location: Minneapolis
Tor wrote:
So yes, logging in with HTTPS and continuing with HTTP is far better than only HTTP, but it doesn't protect you from the dedicated ones. Only from the rabble. Which is probably fine for C&F, *except* for the moderators - you guys should use HTTPS all the time, if someone gets hold of your login (or already-logged in session, as it were, with the cookie approach), they can do lots of damage, e.g. sabotage, banning people left and right, maybe they could even ban other moderators.

Thanks. I will definitely bear this in mind.

_________________
"Time is the wisest counselor of all." - Pericles

"I remain not entirely convinced of it." - Nano


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 51 posts ]  Go to page Previous  1, 2, 3, 4

All times are UTC - 6 hours


Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group
[ Time : 0.150s | 11 Queries | GZIP : On ]
(dh)