Results 1 to 6 of 6
  1. #1
    Join Date
    Dec 2011
    Location
    Buderim qld
    Posts
    17

    Default Staying Logged-in to Forum

    Is it safe to stay constantly logged in, to this forum, without logging on and then signing off after each viewing?

    The reason I ask this question is that another forum site I am on, posted this--

    "And in case you missed it, we switched the forum over to full SSL. This basically means the connection between your computer and our server is completely secure, just like when you log into your online banking."

    I have no idea what 'full SSL' means, but is this Woodwork Forum a secure connection as well?

  2. #2
    Join Date
    Oct 2004
    Location
    Melbourne, Australia.
    Posts
    128

    Default

    I don't believe this forum is as secure as a bank web site, but then again I'm not trying to extract money from it.

    I have been a member for quite a number of years and used at least four computers, including the current one which is a whiz bang super duper computer about one month old. I also use a tiny 25cm laptop to access the site and have done so since purchasing that laptop about four years ago.

    In all cases I have left my log in on, so that when I come back I'm straight into it.

    Most secure websites will have a padlock symbol showing somewhere to let you know it's a secure site, can't see one on this site.

    Mick.

  3. #3
    Join Date
    Dec 2005
    Location
    Canberra
    Posts
    723

    Default

    "Full SSL" means that the site has the Secure Sockets Layer active, meaning that information you send to the site (ie the text you type into a thread reply or whatever) is encrypted using the site's public key.

    So you type in "Staying Logged-in to Forum", and this gets sent to the forum (when you press the button) as the cyphertext "Fgnlvat Ybttrq-va gb Sbehz" (if it's using the ROT-13 cypher...which is just an example of a cypher). It's actually bit more complex than that, but I'll gloss over the details!

    You can tell if a site is using SSL as instead of page URLs starting with "http:/" they will start with "https:/", the "s" standing for 'secure'. So to answer your question, no, general text is passed to this site as plaintext.

    However login data/username is stored on your PC as an encrypted cookie. When you log on, the site checks to see if you have a valid cookie for your userid/password, and if you do, it authenticates you.

  4. #4
    Join Date
    Oct 2004
    Location
    Melbourne, Australia.
    Posts
    128

    Default

    I love this forum, wonderful explanation, although I have no idea what I'll ever do, if anything, with that explanation.

    Mick.

  5. #5
    Join Date
    Dec 2011
    Location
    Buderim qld
    Posts
    17

    Default

    Quote Originally Posted by Master Splinter View Post
    "Full SSL" means that the site has the Secure Sockets Layer active, meaning that information you send to the site (ie the text you type into a thread reply or whatever) is encrypted using the site's public key.

    So you type in "Staying Logged-in to Forum", and this gets sent to the forum (when you press the button) as the cyphertext "Fgnlvat Ybttrq-va gb Sbehz" (if it's using the ROT-13 cypher...which is just an example of a cypher). It's actually bit more complex than that, but I'll gloss over the details!

    You can tell if a site is using SSL as instead of page URLs starting with "http:/" they will start with "https:/", the "s" standing for 'secure'. So to answer your question, no, general text is passed to this site as plaintext.

    However login data/username is stored on your PC as an encrypted cookie. When you log on, the site checks to see if you have a valid cookie for your userid/password, and if you do, it authenticates you.
    So should we constantly log on and then log out?

  6. #6
    Join Date
    Dec 2005
    Location
    Canberra
    Posts
    723

    Default

    Quote Originally Posted by Kidbee View Post
    So should we constantly log on and then log out?
    Depends on how secure you like to be.

    For maximum security, your passwords are all 256-bits long and are completely random (3nDf*90(8h@wKDv]89X13^Kb"k,t79_ 52yNkL;}3*f0/Je712m> etc ), ensuring that a brute force attack would be unlikely to succeed in under 3×1051 years (which is considerably longer than the half-life of the proton, according to some estimates of proton half-life).

    ...And you don't store them on your computer, and you have a unique password for each site, and you memorise all of them and never write them down.

    Personally, the only sites where I wouldn't auto-login are ones with monetary/informational consequences (banks, paypal, neverwinter, minecraft). If I auto-login at least I can have the computer remember passwords and login details for me so I'm not using the same email address and easy to remember password all the time.

    Sites with no financial or personal information consequences...I don't really care!

Similar Threads

  1. Screen door not staying locked
    By Reno RSS Feed in forum DOORS, WINDOWS, ARCHITRAVES & SKIRTS ETC
    Replies: 0
    Last Post: 21st September 2012, 01:10 AM
  2. IMPORTANT Logged Out
    By wheelinround in forum FORUMS INFO, HELP, DISCUSSION & FEEDBACK
    Replies: 21
    Last Post: 1st March 2012, 09:41 AM
  3. PIR Light staying on
    By Reno RSS Feed in forum PLUMBING, ELECTRICAL, HEATING, COOLING, etc
    Replies: 0
    Last Post: 8th December 2008, 01:10 PM
  4. Logged out automatically
    By Calm in forum FORUMS INFO, HELP, DISCUSSION & FEEDBACK
    Replies: 43
    Last Post: 25th October 2008, 09:45 PM
  5. Being logged off when posting?
    By Skew ChiDAMN!! in forum FORUMS INFO, HELP, DISCUSSION & FEEDBACK
    Replies: 27
    Last Post: 29th January 2006, 02:22 AM

Tags for this Thread

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •