It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

ATS Secure Login Question

page: 1
3

log in

join
share:

posted on Apr, 7 2014 @ 04:26 PM
link   
This question is for mainly the ATS owners, developers or even Mods if they have the answer.

Is the ATS login secure? I don't see any secure login indicator in FF and assume (yeah I know) that means I'm sending a user/password in clear text. Is that correct or am I missing something?

If correct then why no secure login?

U2U is also fine for an answer if anyone doesn't wish to post it (for the robots.)

Thanks.




posted on Apr, 7 2014 @ 06:03 PM
link   
reply to post by Bassago
 


Anyone?

*bump*



posted on Apr, 7 2014 @ 06:29 PM
link   
I'd say in the clear.



posted on Apr, 7 2014 @ 06:40 PM
link   
reply to post by roadgravel
 


Yeah, I'm not a big fan of that method of password login.

Seems like an accident waiting to happen. Or a hack.



posted on Apr, 7 2014 @ 07:55 PM
link   
reply to post by Bassago
 


The following is my opinion as a member participating in this discussion.

If you're using Firefox, you can right-click on any page and then click on "View Page Info" in the context menu and see whether a page is encrypted or not at the bottom of the window that pops up. You can also click on the "Security" tab in that window for more information as well.

This is not an official response, but I checked some other forums and I don't know of any forum that encrypts log-in's from user to site. Most of the time, that information is encrypted in the database server-side instead.

I'm not sure how it is with ATS, but that's the way it is with most other forum software.

As an ATS Staff Member, I will not moderate in threads such as this where I have participated as a member.



posted on Apr, 7 2014 @ 08:00 PM
link   

Bassago
reply to post by Bassago
 


Anyone?

*bump*


I've also been monitoring this thread hoping one of the staff (or even Bueller himself) would post a reply as to future plans - if any.

I can tell you definitively that current login process and all browsing/posting on the site is *not* secure.

Based on the nature of the site, I'm not sure that it needs to be although there are some areas (uploads, pics, etc) where I can see members wanting more than a modicum of privacy & security.

At the very least, please make sure your PW here does *not* match any other PW's you have where security is important.



posted on Apr, 7 2014 @ 08:20 PM
link   
reply to post by Riffrafter
 


My concern is someone intercepting the password and hijacking profiles.

I've sent a U2U to the staff asking for a response. Hopefully soon.



posted on Apr, 7 2014 @ 08:39 PM
link   

Bassago
reply to post by Riffrafter
 


My concern is someone intercepting the password and hijacking profiles.

I've sent a U2U to the staff asking for a response. Hopefully soon.


Very true - I thought of that too.

But from a damage perspective, the only thing ruined is your virtual persona and reputation.

That certainly counts for a lot here - as it is the currency of the realm. But from a legal/monetary perspective - not so much.

Just rambling...pay me no heed. I am interested in any response you get, so please let me know if you get one if you don't mind (U2U is fine).

Good luck.



posted on Apr, 7 2014 @ 08:44 PM
link   
Most sites hash passwords in the database, not encrypt.



posted on Apr, 7 2014 @ 08:47 PM
link   
reply to post by Riffrafter
 


Will let you know, still hoping for a response.

I'm sure we'll get one.



posted on Apr, 7 2014 @ 09:05 PM
link   
reply to post by Bassago
 


Not sure if you missed my post above, but if you use the built-in tool in Firefox as I describe above, you should be able to answer your question.

Be patient as it may take some time for an owner to respond.








edit on 7-4-2014 by _BoneZ_ because: sp



posted on Apr, 7 2014 @ 09:05 PM
link   
reply to post by _BoneZ_
 


Thanks for the response BoneZ. I'll check out what you've said.

Maybe secure login isn't common, IDK. I know I'd feel better if it was at least on the login page. Maybe I'm worrying about nothing.

ETA - Yeah, I missed it somehow?? Then saw it. Thanks again.
edit on 129pm5151pm92014 by Bassago because: (no reason given)



posted on Apr, 7 2014 @ 09:36 PM
link   

Bassago
Is the ATS login secure? I don't see any secure login indicator in FF and assume (yeah I know) that means I'm sending a user/password in clear text. Is that correct or am I missing something?

In the clear.

Generally speaking, it's assumed that user passwords for recreational sites (of which ATS is classified) should not be the same as people use on more secure sites/email, and standards have been somewhat lower for quite some time.

Additionally, since there is no known HTTPS protocol that is completely secure, the effort seems futile for a site like ATS.

However: that being said, we have taken steps to obfuscate aspects of the log-in that make it very hard for packet-snifers to notice what is happening -- which is the first step for in-transit passwords to be noticed. Some of that same unique method is also used instead of typical garbled-text captchas to ensure we have a human user and not a bot/spider. I won't elaborate further.



posted on Apr, 7 2014 @ 09:46 PM
link   
reply to post by SkepticOverlord
 


Thanks SO. Much appreciated.

That's all I was wondering. I feel a bit better for that answer.




posted on Apr, 8 2014 @ 12:41 AM
link   
reply to post by Bassago
 


My concern is the guvament!! I'm half-joking, half-serious.



posted on Apr, 8 2014 @ 03:06 PM
link   
Asked and answered.


closed



new topics

top topics



 
3

log in

join