2016-04-24, 06:20 AM
2016-04-24, 06:57 AM
It's something which is being worked on.
2016-04-24, 04:50 PM
As Nathan said we're working on it.
2016-08-03, 07:22 AM
(2016-04-24, 04:50 PM)Ben C Wrote: [ -> ]As Nathan said we're working on it.Until now?
2016-08-03, 07:56 AM
We're getting close to switching to it (was discussing it with some other team members today), but there are multiple parts that we need in place to deal with mixed content without having excessive latency or disclosing our server IP, which would lead to immature children launching a DoS against the forum again.
2016-08-06, 01:52 AM
We're slowly progressing with the issue:
- As you can notice, the Community forum pages now redirect to the HTTPS version and remote resources are being routed through our proxy with DVZ Secure Content. There are still minor issues including the Extend section, however the plugin & theme packages are now being served over HTTPS; you can let us know if you find other places that need looking into.
- The Docs site also works under HTTPS now and we're working on rewriting current URLs linking to the Documentation.
2016-08-06, 03:22 AM
Ooooh green padlock!
For some time now this has been the only site (with a few limited exceptions) that hasn't been SSL. Thanks for updating.
For some time now this has been the only site (with a few limited exceptions) that hasn't been SSL. Thanks for updating.
2016-08-06, 03:58 AM
(2016-08-06, 03:22 AM)Ben Cousins Wrote: [ -> ]Ooooh green padlock!
For some time now this has been the only site (with a few limited exceptions) that hasn't been SSL. Thanks for updating.
Yep. That's always been very unacceptable, and especially to me (kinda a security/privacy-paranoid person). We're very glad to finally be delivering content more securely to everyone.
As a little update:
We're working on getting links on the docs site updated to be directly to HTTPS versions of MyBB.com resources. Due to a GitHub snafu earlier (in which GitHub's robots mistakenly believed I was a spambot) that'll take more time than planned, but should be done in the next day or so.
The Extend site also has one mixed content item (twice). That's a known issue and a patch has been prepared, and we're just waiting on someone with server access to patch the Extend plugin on server.
We're also working on getting links in the core software updated for the next release (soon, fwiw) with version checking, blog updates, credits, and more fetched over HTTPS directly. MyBB's stuff should be 100% HTTPS soon.
For anyone who sees this: I would suggest out of an abundance of precaution that you should consider changing your password and relogging here on the community. There is no reason to believe that our systems have been compromised, but your information has been transmitted across the internet in cleartext for a long time, and so it wouldn't be a bad idea to consider those credentials compromised by principle.