
All times are UTC - 8 hours [ DST ]




 Post subject: HTTPS now available on L19!
Post #1 Posted: Wed May 10, 2017 8:17 am 
Lives with ko

Posts: 202
Location: Toronto, Ontario (Canada)
Liked others: 67
Was liked: 119
Rank: AGA 1k
GD Posts: 1190
Universal go server handle: apetresc
Hey everyone! As has been requested a few times now, lifein19x19.com now supports HTTPS: https://lifein19x19.com.

What This Means
For the non-technically-inclined among us, this basically means that L19 is a little bit safer today than it was yesterday. HTTPS protects against a certain class of attacks that would theoretically allow a malicious network to intercept your L19 traffic (most importantly, your password). There's absolutely no reason to believe this kind of attack was ever used - it's just a best practice to avoid it.

How To Use It
All you have to do to take advantage of this is to use https:// instead of http:// when you visit lifein19x19.com from now on, so please update your bookmarks :) Once you do, you should see that comforting green lock:
Image


In order to make 100% sure that everything is working cleanly with HTTPS, I'm going to leave the site with HTTP still enabled for the next 7 days, during which time HTTPS is optional but I highly encourage everyone to try it out and test it. After the 7 days are up, assuming no unfixed issues arise, I'm going to make HTTPS the default and all the old http:// links will simply redirect to https://. This shouldn't require any change whatsoever to your browsing patterns, just carry on as you were before!

Known Issues

  • During the beta, it will still be possible for someone on HTTP to upload an attachment to a post and embed it (through, say, [sgf] tags) using the http:// link they get by right-clicking on the attachment URL. If they do this, the embed will fail for HTTPS viewers, since the browser will see insecure content from the same domain as an HTTPS page, which is a no-no. Once the beta ends and everyone is on HTTPS this won't be possible anymore, but for the time being, if you're using HTTP, please make sure any embeds on the lifein19x19.com domain use HTTPS, even if you're not! (Note, this does not apply to embeds from other domains. Those will still work).
  • On some pages, instead of the green lock, you may see a non-secure "information" bubble, which when clicked on shows something like this:

    Image

    What this means is that someone in the thread has put in an image (using [img] tags) from another domain (not L19) with an http:// protocol. Theoretically this means that the hypothetical attacker might discover (and/or manipulate) that particular picture, but that's not a very realistic concern. All the rest of your traffic - including your passwords - is still being protected, and only the page with that image should have this issue. To mitigate this, please use https:// when linking to things outside of L19 whenever possible, unless the site you're linking to doesn't support HTTPS for some reason.

Other than that, everything should work exactly as well as it has before :) In particular, I've gone over all old [sgf] embeds and ensured they are ported over to HTTPS so they should continue working. Please reply to this thread if you notice any issues!

Cheers!
- The L19 Admin Team :salute:

_________________
The road to wisdom? Well, it's plain, and simple to express: Err, and err, and err again; but less, and less, and less!


This post by apetresc was liked by 8 people: Bill Spight, Bonobo, dfan, EdLee, ez4u, LocoRon, Solomon, Waylon
 Post subject: Re: HTTPS now available on L19!
Post #2 Posted: Tue May 16, 2017 10:19 am 
Lives with ko

Posts: 202
Location: Toronto, Ontario (Canada)
Liked others: 67
Was liked: 119
Rank: AGA 1k
GD Posts: 1190
Universal go server handle: apetresc
Since there didn't seem to be any problems reported for HTTPS, it is now the default - any requests to http://lifein19x19.com will be automatically redirected to https://lifein19x19.com!



This post by apetresc was liked by 2 people: Bonobo, dutchie
 Post subject: Re: HTTPS now available on L19!
Post #3 Posted: Tue May 16, 2017 10:41 am 
Judan

Posts: 6256
Liked others: 1475
Was liked: 2376
I am seeing many game records in old posts that do not display. Rather annoying. :(

_________________
"Drooling Banjos"

 Post subject: Re: HTTPS now available on L19!
Post #4 Posted: Tue May 16, 2017 10:54 am 
Lives with ko

Posts: 202
Location: Toronto, Ontario (Canada)
Liked others: 67
Was liked: 119
Rank: AGA 1k
GD Posts: 1190
Universal go server handle: apetresc
Bill Spight wrote:
I am seeing many game records in old posts that do not display. Rather annoying. :(


Oh! Can you link me an example or two? I thought I had fixed all of those instances, but I might have missed some.

 Post subject: Re: HTTPS now available on L19!
Post #5 Posted: Tue May 16, 2017 11:27 am 
Tengen

Posts: 4069
Location: Cambridge, UK
Liked others: 145
Was liked: 2001
Rank: UK 4 dan
KGS: Uberdude 4d
OGS: Uberdude 7d
Perhaps the problem with embedded game records is because the download link in the sgf tag is plain http? I just made a post in which I uploaded an sgf, previewed to get the download url and then copy-pasted that into sgf tags. It was http and the game didn't load. I've just edited it to be https and it now works.

 Post subject: Re: HTTPS now available on L19!
Post #6 Posted: Tue May 16, 2017 11:42 am 
Lives with ko

Posts: 202
Location: Toronto, Ontario (Canada)
Liked others: 67
Was liked: 119
Rank: AGA 1k
GD Posts: 1190
Universal go server handle: apetresc
Uberdude wrote:
Perhaps the problem with embedded game records is because the download link in the sgf tag is plain http? I just made a post in which I uploaded an sgf, previewed to get the download url and then copy-pasted that into sgf tags. It was http and the game didn't load. I've just edited it to be https and it now works.


Yup, that's the issue I called out in the original post - and it shouldn't happen for any new posts now that it's HTTPS by default, since any links you right-click-copy should also be HTTPS. I had also fixed it for any posts made prior to last week. Have any slipped through the cracks?

 Post subject: Re: HTTPS now available on L19!
Post #7 Posted: Tue May 16, 2017 12:25 pm 
Judan

Posts: 6256
Liked others: 1475
Was liked: 2376
apetresc wrote:
Bill Spight wrote:
I am seeing many game records in old posts that do not display. Rather annoying. :(


Oh! Can you link me an example or two? I thought I had fixed all of those instances, but I might have missed some.


OK. :)

https://lifein19x19.com/forum/viewtopic ... 83#p127483

https://lifein19x19.com/forum/viewtopic ... 98#p208998

https://lifein19x19.com/forum/viewtopic ... 92#p219192

https://lifein19x19.com/forum/viewtopic ... 78#p215478

https://lifein19x19.com/forum/viewtopic ... 32#p207232

Surely there are more. :)



This post by Bill Spight was liked by: Bonobo
 Post subject: Re: HTTPS now available on L19!
Post #8 Posted: Tue May 16, 2017 7:05 pm 
Lives with ko

Posts: 202
Location: Toronto, Ontario (Canada)
Liked others: 67
Was liked: 119
Rank: AGA 1k
GD Posts: 1190
Universal go server handle: apetresc
Bill Spight wrote:
apetresc wrote:
Bill Spight wrote:
I am seeing many game records in old posts that do not display. Rather annoying. :(


Oh! Can you link me an example or two? I thought I had fixed all of those instances, but I might have missed some.


OK. :)

forum/viewtopic.php?p=127483#p127483

forum/viewtopic.php?p=208998#p208998

forum/viewtopic.php?p=219192#p219192

forum/viewtopic.php?p=215478#p215478

forum/viewtopic.php?p=207232#p207232

Surely there are more. :)



Whoa! Not sure why my regex missed them the first time :oops: ... either way, they're fixed now! Thanks for the catches :)

Like I said, these kinds of errors won't happen anymore now that HTTPS is forced (unless someone were to go out of their way to remove the 's' from the link they copied), but I guess some old ones slipped through the cracks.



This post by apetresc was liked by 2 people: Bill Spight, Bonobo
 Post subject: Re: HTTPS now available on L19!
Post #9 Posted: Tue May 16, 2017 7:07 pm 
Lives with ko

Posts: 202
Location: Toronto, Ontario (Canada)
Liked others: 67
Was liked: 119
Rank: AGA 1k
GD Posts: 1190
Universal go server handle: apetresc
(Actually, one thing I forgot to mention - the first link you posted was actually not caused by the HTTPS bug at all. It's just a bad link to OGS, not L19. The link itself is dead on OGS' site, so there's not much I can do about that...)

 Post subject: Re: HTTPS now available on L19!
Post #10 Posted: Mon May 22, 2017 8:25 am 
Judan

Posts: 6256
Liked others: 1475
Was liked: 2376
Here's another.

forum/viewtopic.php?p=211101#p211101

 Post subject: Re: HTTPS now available on L19!
Post #11 Posted: Mon May 22, 2017 11:09 am 
Judan

Posts: 7469
Liked others: 1359
Was liked: 1149
KGS: Kirby
Tygem: 커비라고해
Bill Spight wrote:


I fixed/updated that one.

_________________
Discipline is remembering what you want. -David Campbell


This post by Kirby was liked by 2 people: apetresc, Bill Spight
 Post subject: Re: HTTPS now available on L19!
Post #12 Posted: Mon May 22, 2017 1:46 pm 
Judan

Posts: 7469
Liked others: 1359
Was liked: 1149
KGS: Kirby
Tygem: 커비라고해
I searched the site a bit through google, and found the posts below, which also included non-https urls for L19:


I started updating a bunch of these manually, but then realized that I could modify the bb-code definition for sgf tags. I did this for now, so even when the post includes an L19 http URL, the string is substituted.

Hopefully this addresses at least the situation with sgf tags. Let me know if you find any problems with this.



This post by Kirby was liked by 3 people: apetresc, Bill Spight, Bonobo
 Post subject: Re: HTTPS now available on L19!
Post #13 Posted: Mon May 22, 2017 3:05 pm 
Lives with ko

Posts: 202
Location: Toronto, Ontario (Canada)
Liked others: 67
Was liked: 119
Rank: AGA 1k
GD Posts: 1190
Universal go server handle: apetresc
Kirby wrote:
I started updating a bunch of these manually, but then realized that I could modify the bb-code definition for sgf tags. I did this for now, so even when the post includes an L19 http URL, the string is substituted.

Hopefully this addresses at least the situation with sgf tags. Let me know if you find any problems with this.


That's... an infinitely better solution than fixing it in the database :) Great catch, Kirby! I think I hadn't consciously realized that BBCode is re-rendered every time a post is viewed, not just at posting time.



This post by apetresc was liked by 2 people: Bonobo, Kirby
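
The render-time substitution discussed in the last two posts, together with the same-domain versus other-domain distinction from the first post, sketched as an added example; it is not the forum's BBCode definition or phpBB code. The function names, the `SITE_HOSTS` set and the sample URLs are assumptions made for illustration; only the [sgf] and [img] tag names come from the thread.

```python
import re
from urllib.parse import urlsplit

# Assumption: the two host forms that appear in this thread's links.
SITE_HOSTS = {"lifein19x19.com", "www.lifein19x19.com"}
# [sgf]URL[/sgf] or [img]URL[/img], any letter case, optional padding.
EMBED_RE = re.compile(r"\[(sgf|img)\](\s*)(\S+?)(\s*)\[/\1\]", re.IGNORECASE)


def classify(url):
    """Return 'same-site', 'third-party', or None if the URL is not plain http."""
    try:
        parts = urlsplit(url)
    except ValueError:          # malformed URL: leave it untouched
        return None
    if parts.scheme != "http":
        return None
    # Exact host match: a prefix test would accept lifein19x19.com.example.net.
    host = (parts.hostname or "").lower()
    return "same-site" if host in SITE_HOSTS else "third-party"


def upgrade_embeds(bbcode):
    """Rewrite same-site http:// embed URLs to https:// at render time."""
    def repl(m):
        tag, lead, url, trail = m.groups()
        if classify(url) == "same-site":
            url = "https" + url[4:]   # swap only the scheme, keep the rest
        return f"[{tag}]{lead}{url}{trail}[/{tag}]"
    return EMBED_RE.sub(repl, bbcode)


def audit_embeds(bbcode):
    """List embeds still served over http as (tag, url, kind) tuples."""
    found = []
    for m in EMBED_RE.finditer(bbcode):
        kind = classify(m.group(3))
        if kind:
            found.append((m.group(1).lower(), m.group(3), kind))
    return found


# Constructed sample post (file ids and hosts are made up for illustration).
SAMPLE = (
    "[sgf]http://lifein19x19.com/forum/download/file.php?id=1[/sgf]\n"
    "[SGF]HTTP://www.lifein19x19.com/forum/download/file.php?id=2[/SGF]\n"
    "[sgf]http://lifein19x19.com.example.net/game.sgf[/sgf]\n"
    "[img]http://images.example.org/board.png[/img]\n"
)
```

Because the rewrite runs on the stored text each time it is rendered, the stored posts are never modified, and `audit_embeds` run on the rewritten text shows which http:// embeds remain (here, only the ones on other domains).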