MyEpisodes Forum Index
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Upgrade MD5 password hashing and route traffic over HTTPS

 
Post new topic   Reply to topic    MyEpisodes Forum Index -> Requests
View previous topic :: View next topic  

Do you want this request?
Yes - I would find that request useful.
77%
 77%  [ 7 ]
No - I would not find that request useful.
22%
 22%  [ 2 ]
Total Votes : 9

Author Message
borhoofd


Posts: 5

PostPosted: Fri May 12, 2017 8:31 pm    Post subject: Upgrade MD5 password hashing and route traffic over HTTPS Reply with quote

[Request Name]
Upgrade MD5 password hashing and route traffic over HTTPS

[Description]
MyEpisodes still uses MD5 hashing for passwords. While it is good that passwords are hashed, this algorithm is not safe anymore and really needs to be replaced.

Additionally SSL is currently not enforced although there is a valid certificate. Enforcing SSL is pretty common nowadays and I would suggest that this step is taken as well.

[Target URL]
Every page of the site.

[Comments]
Enforcing SSL is very easy to implement since there is already a valid certificate present. Changing the hashing algorithm is a bit more annoying, but there are clear instructions of how to implement this online: https://security.stackexchange.com/questions/90561/how-to-replace-an-old-password-hashing-method-with-a-newer-one-in-software

I hope you'll find time to make this change to future-proof the site a bit more. I'm a big fan and would love to keep using it for many years to come.
Back to top
View user's profile Send private message
ymybe


Posts: 1

PostPosted: Sat Feb 24, 2018 4:57 pm    Post subject: as https / tls is available Reply with quote

you might want to at something like:
Code:
   RewriteEngine on
   RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,QSA,R=permanent]


into your virtual host configuration (depending on what server you use, this one works for apache and rewrites the url from http:// to https:// )
Back to top
View user's profile Send private message
lwiczek


Posts: 16

PostPosted: Fri Jun 29, 2018 10:37 pm    Post subject: Reply with quote

I think that supporting https is enough - and if someone doesn't want to use please let them be.
(and if you want for your browser to automatically redirect you to https just use HttpsEveryoner or similar)
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    MyEpisodes Forum Index -> Requests All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

Main design by MW. Refitted to board by Hostile.