Main Menu
Main Page
Forums
Recent changes
Random page
Help

Databases
GlitchDex
AttackDex
ItemDex

Major Glitches
Trainer escape glitch
Old man trick
Celebi trick
Select glitches (Japan)
SRAM glitch
CoolTrainer♀ corruption
LOL glitch
Rival LOL glitch
Super Glitch
ZZAZZ glitch
Pomeg corruption glitch (Glitzer Popping)
Tweaking
Elite Four door glitch (Japan)
Pokémon merge glitch
Pokémon cloning
Time Capsule exploit
Arbitrary code execution
Coin Case glitch
More

Other Glitch Categories
Glitches by generation
Glitches between two generations
Japan-only/language specific glitches
Music glitches
Natural glitches
Non-core series glitches
Non-Pokémon glitches
Officially acknowledged glitches
Recurring glitches
Dead glitches

References
Pokémon GameShark codes
The Big HEX List
GB programming
Curiosities
Debugging features
Easter eggs
Error traps
Glitch areas
Glitch myths
Non-glitch exploits
Placeholder texts
Pokémon glitch terminology
Unused content and prerelease information

Useful Tools
8F Helper
GBz80 to Items
Old man trick name generator
PATH (Prama's Advanced Tweaking Heaven)
Save file editors
Special stat/Pokémon converter
Trainer escape Trainer Pokémon finder

Affiliates
Legendary Star Blob 2 (Hakuda)
Pokémon Speedruns wiki
PRAMA Initiative
Become an affiliate!

Search Wiki

 

Search Forums

 

Author Topic: Move to HTTPS  (Read 296 times)

0 Members and 1 Guest are viewing this topic.

SatoMew

  • Member+
  • *
  • Offline Offline
    • View Profile
Move to HTTPS
« on: November 22, 2016, 09:19:22 am »
The stable releases of Firefox and Chrome will soon start marking password forms served over HTTP as insecure, which will obviously affect GCL (forums and wiki) in its current state. This is part of an ongoing effort by the major browser developers to increase the adoption of HTTPS on the Web and to eventually mark every HTTP site as non-secure.

I don't know how difficult would it be to implement HTTPS on GCL but I think it's something that needs to be considered as we don't want to scare visitors and our users into thinking that GCL is compromised. Recent trustworthy services like Let's Encrypt and its Let's Monitor may help, especially since they're free. There is also the moarTLS Analyzer browser extension that identifies HTTP content on HTTPS web sites and lets you check if they can be served over HTTPS.

Yeniaul

  • Guest
Re: Move to HTTPS
« Reply #1 on: November 22, 2016, 10:24:17 am »
The DS family (at least the DS/DSi) gets kicked from any site using Let's Encrypt as soon as it broadcasts its browser version... for whatever reason (I think it's game systems in general, as it occurs for most of the Xbox and PlayStation family browsers too, which STILL make up 15% of the total traffic on the 'net.)
So some members (including me, as I use the DSi's neutered version of Opera. And no, I don't have an Android nor an iDevice I can use instead.) may find they cannot access the site any longer. Of course, you could implement an alternate HTTP-only version of the site, but that would be EXPENSIVE. Even then, the site needs fixed before we do this sort of thing, that way it's not a pain in the ass to fix broken pages and screwed directory structures.

Abwayax

  • Founder/Technical Support
  • Head Administrator
  • *****
  • Online Online
  • Gender: Male
    • View Profile
Re: Move to HTTPS
« Reply #2 on: November 22, 2016, 01:31:36 pm »
https://glitchcity.info/wiki/Main_Page

edit: It's not HTTPS-only because firstly I think some parts of the site might still be loading through HTTP, and also because someone will inevitably complain that they can no longer access the site. Also because I don't make policy decisions for the site anymore so it's not really my call whether to move to HTTPS-only.
« Last Edit: November 22, 2016, 01:35:18 pm by Abwayax »
Adrian Malacoda, http://monarch-pass.net

Free Software Foundation member #8136
Electronic Frontier Foundation member
American Civil Liberties Union member

SatoMew

  • Member+
  • *
  • Offline Offline
    • View Profile
Re: Move to HTTPS
« Reply #3 on: November 22, 2016, 05:29:41 pm »
To clarify, the idea is for GCL to use HTTPS by default but still have HTTP as a fallback so that users of older or otherwise incompatible browsers aren't left out.

The DS family (at least the DS/DSi) gets kicked from any site using Let's Encrypt as soon as it broadcasts its browser version... for whatever reason (I think it's game systems in general, as it occurs for most of the Xbox and PlayStation family browsers too, which STILL make up 15% of the total traffic on the 'net.)

I'd say that the most likely causes are lack of support for TLS 1.2 and/or no updates for those browsers that allow them to trust Let's Encrypt certificates.

https://glitchcity.info/wiki/Main_Page

edit: It's not HTTPS-only because firstly I think some parts of the site might still be loading through HTTP, and also because someone will inevitably complain that they can no longer access the site. Also because I don't make policy decisions for the site anymore so it's not really my call whether to move to HTTPS-only.

Thanks for the quick response :)

At most, there will be mixed-content warnings but we can always gradually update the references to HTTP resources that can be served over HTTPS.
« Last Edit: November 22, 2016, 06:04:12 pm by SatoMew »

Yeniaul

  • Guest
Re: Move to HTTPS
« Reply #4 on: November 22, 2016, 10:48:32 pm »
I don't make policy decisions for the site anymore
Wait, the host doesn't have executive privelege anymore? The s***?