Authentication on this Website

Packet databases and other quizbowl sites, apps, or software should be discussed here.
Post Reply
ArnavS
Lulu
Posts: 40
Joined: Fri Feb 19, 2016 12:57 pm

Authentication on this Website

Post by ArnavS » Tue Apr 09, 2019 3:32 pm

These forums still use unsecured, vanilla HTTP as opposed to encrypted HTTPS. This is bad for security reasons, but also because browsers are making it increasingly difficult to authenticate without encryption. See, e.g., the attached screenshot from Firefox.

I think all that needs to be done is for the site to acquire an SSL certificate (from a certificate authority like Google), and use it. I understand the forums use a point-and-click template called phpBB, and it looks like there instructions on moving phpBB sites to HTTPS.
Attachments
Screen Shot 2019-04-09 at 12.27.42 PM.png
(47.11 KiB) Not downloaded yet
"We're not going to pay you to come to our tournaments" --- Paul Kasiński

WWP South, 2010-2014
NYU, 2014-2018
University of British Columbia, 2018-Present

User avatar
A Very Long Math Tossup
Rikku
Posts: 312
Joined: Mon Dec 19, 2016 10:02 pm
Location: Boulder, CO
Contact:

Re: Authentication on this Website

Post by A Very Long Math Tossup » Tue Apr 09, 2019 3:49 pm

I agree with Arnav's post, but Let's Encrypt is probably sufficient. I doubt there's any need to use a paid CA.
Matt Mitchell
Colorado '20
Treasure Valley '16
QBNotify creator, Colorado Quiz Bowl founder, PACE member

jonah
Auron
Posts: 2315
Joined: Thu Jul 20, 2006 5:51 pm
Location: Chicago

Re: Authentication on this Website

Post by jonah » Tue Apr 09, 2019 3:52 pm

I've been asking for this since August 2017 and have been told (several times, last in September 2018) that it's on the radar. All the relevant people are volunteers, so I don't feel comfortable pinging too often.
Jonah Greenthal
National Academic Quiz Tournaments

ArnavS
Lulu
Posts: 40
Joined: Fri Feb 19, 2016 12:57 pm

Re: Authentication on this Website

Post by ArnavS » Wed Apr 10, 2019 2:16 pm

Is there a way that we could volunteer to make it happen? All that the admins would need to do is delegate access to somebody for (say) a day or two. Or, we could write a small step-by-step instruction set that we could execute.

Alternately, we could chip in to fund time for one of the maintainers to make this happen. But I think it would be really useful, since people are probably reusing passwords here that they use for other (more important) services.
"We're not going to pay you to come to our tournaments" --- Paul Kasiński

WWP South, 2010-2014
NYU, 2014-2018
University of British Columbia, 2018-Present

User avatar
Mike Bentley
Auron
Posts: 5862
Joined: Fri Mar 31, 2006 11:03 pm
Location: Bellevue, WA
Contact:

Re: Authentication on this Website

Post by Mike Bentley » Wed Apr 10, 2019 3:24 pm

ArnavS wrote:
Wed Apr 10, 2019 2:16 pm
Is there a way that we could volunteer to make it happen? All that the admins would need to do is delegate access to somebody for (say) a day or two. Or, we could write a small step-by-step instruction set that we could execute.

Alternately, we could chip in to fund time for one of the maintainers to make this happen. But I think it would be really useful, since people are probably reusing passwords here that they use for other (more important) services.
Probably. Send an e-mail to Dan Goff ([email protected]) and see if you can work out the details.
Mike Bentley
VP of Editing, Partnership for Academic Competition Excellence
Adviser, Quizbowl Team at University of Washington
University of Maryland, Class of 2008

ArnavS
Lulu
Posts: 40
Joined: Fri Feb 19, 2016 12:57 pm

Re: Authentication on this Website

Post by ArnavS » Thu Apr 11, 2019 12:07 pm

He's done some work on this the LetsEncrypt front (good call @Matt, I didn't know there were free CAs like this) and will be taking another look this weekend. They will also be reviewing the archives to make sure nothing is impacted.
"We're not going to pay you to come to our tournaments" --- Paul Kasiński

WWP South, 2010-2014
NYU, 2014-2018
University of British Columbia, 2018-Present

User avatar
Deviant Insider
Auron
Posts: 4663
Joined: Sun Jun 13, 2004 6:08 am
Location: Chicagoland
Contact:

Re: Authentication on this Website

Post by Deviant Insider » Sat Jul 13, 2019 11:40 am

Any update on this?

How often should we ask why nothing is being done about this? Should we ask again in three months, or would it be more appropriate to wait a year?
David Reinstein
PACE VP of Outreach, Head Writer and Editor for Scobol Solo and Masonics (Illinois), TD for New Trier Scobol Solo and New Trier Varsity, Writer for NAQT (2011-2017), IHSSBCA Board Member, IHSSBCA Chair (2004-2014), PACE Member, PACE President (2016-2018), New Trier Coach (1994-2011)

User avatar
The Goffman Prophecies
Quizbowl Detective Extraordinaire
Posts: 1648
Joined: Wed Mar 03, 2004 10:25 pm
Location: Wichita, KS

Re: Authentication on this Website

Post by The Goffman Prophecies » Sun Jul 21, 2019 10:10 pm

Surprise!

HTTPS is enabled on the entire site. For the moment, forced redirection is only happening when you access the forums. There's some issues with the CSS on the other pages (the tournament database and packet repository) that need to be resolved before this redirection happens sitewide.
Dan Goff
HSQB sysadmin

Virginia Tech '13
South Carolina '15
and a couple other places
Not Thomas Dale HS

STAAATS

User avatar
Deviant Insider
Auron
Posts: 4663
Joined: Sun Jun 13, 2004 6:08 am
Location: Chicagoland
Contact:

Re: Authentication on this Website

Post by Deviant Insider » Mon Jul 22, 2019 12:15 am

Thank you!
David Reinstein
PACE VP of Outreach, Head Writer and Editor for Scobol Solo and Masonics (Illinois), TD for New Trier Scobol Solo and New Trier Varsity, Writer for NAQT (2011-2017), IHSSBCA Board Member, IHSSBCA Chair (2004-2014), PACE Member, PACE President (2016-2018), New Trier Coach (1994-2011)

ScoBo
Wakka
Posts: 235
Joined: Wed Jan 10, 2007 5:05 pm
Location: Kansas City area
Contact:

Re: Authentication on this Website

Post by ScoBo » Mon Jul 22, 2019 10:23 pm

I'm a goff (in case you couldn't tell) wrote:
Sun Jul 21, 2019 10:10 pm
There's some issues with the CSS on the other pages (the tournament database and packet repository) that need to be resolved before this redirection happens sitewide.
I think I have these fixed now, but let us know if you run into any problems while accessing the database or quizbowlpackets.com over https. One thing I'm aware of is I'm seeing https://hsquizbowl.org still redirecting to unsecure hsquizbowl.org/db, and it seems that is on Dan's side and not something I can fix myself.
Jeffrey Hill • Missouri Quizbowl Alliance president • UMR/Missouri S&T 2009 • Liberty (MO) 2005
Post your tournaments, SQBS reports, and question sets to the Quizbowl Resource Center Database!

User avatar
The Goffman Prophecies
Quizbowl Detective Extraordinaire
Posts: 1648
Joined: Wed Mar 03, 2004 10:25 pm
Location: Wichita, KS

Re: Authentication on this Website

Post by The Goffman Prophecies » Mon Jul 22, 2019 10:38 pm

ScoBo wrote:
Mon Jul 22, 2019 10:23 pm
I'm a goff (in case you couldn't tell) wrote:
Sun Jul 21, 2019 10:10 pm
There's some issues with the CSS on the other pages (the tournament database and packet repository) that need to be resolved before this redirection happens sitewide.
I think I have these fixed now, but let us know if you run into any problems while accessing the database or quizbowlpackets.com over https. One thing I'm aware of is I'm seeing https://hsquizbowl.org still redirecting to unsecure hsquizbowl.org/db, and it seems that is on Dan's side and not something I can fix myself.
Yup, it was a quick configuration change I had to make. It's fixed now.
Dan Goff
HSQB sysadmin

Virginia Tech '13
South Carolina '15
and a couple other places
Not Thomas Dale HS

STAAATS

Post Reply