Change link to the Forum in Explore menu to HTTPS

[SyleusSnow]

(this is somewhat related to https://forum.literotica.com/showthread.php?t=1527771) Apologies if mentioned before.

Currently in the user page, the link to the forum on the Explore drop-down menu points to unencrypted URL http://forum.literotica.com/

Clicking this results in the user session not getting passed to the forum. You can login again on the forum, but since the URL is HTTP your credentials get passed in plain text. That opens users to the possibility of interception of credentials and other shenanigans.

Now that the forum is available via HTTPS, can you please please please change the link to it in the Explore menu on the user page to https://forum.literotica.com ? By linking to the HTTPS URL, session credentials get passed and the user is automatically logged into the forum.

Thanks.

 

[Salacious_Scribe]

(this is somewhat related to https://forum.literotica.com/showthread.php?t=1527771) Apologies if mentioned before.

Currently in the user page, the link to the forum on the Explore drop-down menu points to unencrypted URL http://forum.literotica.com/

Clicking this results in the user session not getting passed to the forum. You can login again on the forum, but since the URL is HTTP your credentials get passed in plain text. That opens users to the possibility of interception of credentials and other shenanigans.

Now that the forum is available via HTTPS, can you please please please change the link to it in the Explore menu on the user page to https://forum.literotica.com ? By linking to the HTTPS URL, session credentials get passed and the user is automatically logged into the forum.

Thanks.

Not being that familiar with tech but why do you care? I mean the worst thang that can happen if someone here gets your user name is post some spam? I can understand if it was a bank or something but here? Why does it matter?

 

[ElectricBlue]

Do what I do - when you click through to the Forum, add https:// before forum.literotica.com

It holds for a couple of hours - eight key strokes, you ain't going to die from the effort .

 

[SyleusSnow]

Mainlt because it's annoying: You login to Lit, get to your user page, then open Explore menu to get to the forum. Because it's currently linked to HTTP, your session credentials don't get transferred so you're not logged into the forum.

Now, you can login by filling out the username and password fields at the top of the forum page, but because it's unencrypted HTTP, anyone on the Internet sitting between your web browser and the Literotica server can capture your username and password since they are sailing by in clear text.

Maybe then they login as you, change your password to lock you out of your account, then add, change or delete your stories, and maybe log into the forum to post harassing messages and send nasty PMs that get you banned and your permanently account deleted. Damn hard to prove it wasn't you.

Pointing the forum link in the Explorer menu to the HTTPS URL solves both problems: the forum opens up with you already logged in, and nasty Internet types don't get to capture then misuse your Lit username and password.

 

[SyleusSnow]

Do what I do - when you click through to the Forum, add https:// before forum.literotica.com

It holds for a couple of hours - eight key strokes, you ain't going to die from the effort .

Well, sure... but why? Even easier is to add a rule in your browser's HTTPS Everywhere plugin (you ARE using that, aren't you?) to force it to go to the HTTPS URL of the forum.

There's no reason I can think of for the menu to still link to the HTTPS forum URL. Manu probably just hasn't gotten around to updating it.

 

[AlinaX]

You're assuming people have a clue about any of this. Certainly you can argue that in this day and age they really need to have a clue, but the reality is that most don't.

By far the easiest fix is to fix the site, not telling everyone else to work around it. Why does it matter? Because even if you don't care about your Lit account, chances are high that you are using a password you use elsewhere. Because that's what people do. Not everyone lets Firefox choose random passwords for each site.

For me the easiest workaround is:
1. Log in to the main site and panel as usual
2. Follow the [literotica] link back to the main site page
3. Click on Bulletin Board

 

[jaF0]

There's no reason I can think of for ...

... anybody to care. Nobody has credit card or bank account numbers stored here that I know of.

 

[jaF0]

Because even if you don't care about your Lit account, chances are high that you are using a password you use elsewhere. Because that's what people do.

I never use any PW or ID on more than one site.

 

[SyleusSnow]

You're assuming people have a clue about any of this.

Heh, I stopped assuming that decades ago. As evidenced by current world events, clues are in even more short supply than usual

Still, surprising to see anyone arguing against using encryption on the Internet, especially for a site like Lit.

No doubt Manu or whoever will update the link when they can and I'll work around it meanwhile. I'm just happy the Forum after all these years is finally available on HTTPS.

 

[Zeb_Carter]

OR you can use a browser that automatically puts the HTTPS in there for you.

The one I use, is Brave, but I'm sure there are others. Or not.

 

[jaF0]

Still, surprising to see anyone arguing against using encryption on the Internet, especially for a site like Lit.

You're confusing HTTPS logins with encryption/scrambling to the point you need a key to even read the pages while not logged in. This site is fully open to read, both the boards and story side. Anyone viewing the site from anywhere in the world can read every word you post (unless the site is blocked in some countries). HTTPS would do nothing to prevent that.