• Security Question

    From HusTler@1:103/705 to All on Sun Oct 18 15:47:14 2020
    So for whatever reason I am unable to get https working on my bbs. My question is if someone logs on using ftelnet from the webpage which is using the webv4 interface, is the users name and password encrypted? What about if the user logs on using the web interface. Is that encrypted? How would I check this myself? Is that a whole new thing? Thanks... Life is a sexually transmitted diseaseHusTler Havens BBS
    (havens.synchro.net:23)

    ---
    þ Synchronet þ Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to HusTler on Sun Oct 18 18:10:42 2020
    Re: Security Question
    By: HusTler to All on Sun Oct 18 2020 03:47 pm

    So for whatever reason I am unable to get https working on my bbs. My question is if someone logs on using ftelnet from the webpage which is
    using
    the webv4 interface, is the users name and password encrypted?

    ftelnet uses websockets, which are not encrypted by default. There is WSS (websockets-secure) support in exec/websocketservice.js, but I don't recall if ftelnet does/can use it.

    What about if
    the user logs on using the web interface. Is that encrypted?

    It depends. The legacy web UI uses http authentication, which is usually digest (not clear text). ecWeb uses his own login method would would be encrypted from the client when using HTTPS.

    How would I check this myself?

    Use a network sniffer, like Wireshark.



    digital man

    Synchronet/BBS Terminology Definition #15:
    CR = Carriage Return (ASCII 13, Ctrl-M)
    Norco, CA WX: 78.3øF, 54.0% humidity, 9 mph E wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.11-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From echicken@1:103/705 to Digital Man on Sun Oct 18 22:43:31 2020
    Re: Security Question
    By: Digital Man to HusTler on Sun Oct 18 2020 18:10:42

    ftelnet uses websockets, which are not encrypted by default. There is WSS
    (websockets-secure)
    support in exec/websocketservice.js, but I don't recall if ftelnet
    does/can use it.

    If the page is served via HTTPS, webv4 will try to configure ftelnet to use WSS. The sysop needs to have WSS configured in services.ini.

    ---
    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Tracker1@1:103/705 to Digital Man on Mon Oct 19 19:58:48 2020
    On 10/18/2020 6:10 PM, Digital Man wrote:
    ftelnet uses websockets, which are not encrypted by default. There is WSS
    (websockets-secure) support in exec/websocketservice.js, but I don't recall if ftelnet does/can use it.

    ftelnet can use wss.

    --
    Michael J. Ryan
    tracker1 +o Roughneck BBS

    ---
    þ Synchronet þ Roughneck BBS - coming back 2/2/20
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)