1. Forum
  2. Usenet Intenat
  3. ALT.BBS.SYNCHRONET

  • Security Question

    From HusTler@1:229/2 to All on Sunday, October 18, 2020 15:47:14
    From: hustler@HAVENS.remove-kr1-this

    So for whatever reason I am unable to get https working on my bbs. My question
    is if someone logs on using ftelnet from the webpage which is using the webv4 interface, is the users name and password encrypted? What about if the user logs on using the
    web interface. Is that encrypted? How would I check this myself? Is that a whole new thing? Thanks


    ... Life is a sexually transmitted disease

    HusTler
    Havens BBS
    (havens.synchro.net:23)

    ---
    þ Synchronet þ Havens BBS havens.synchro.net
    --- Synchronet 3.18c-Win32 NewsLink 1.113
    * Vertrauen - Riverside County, California - telnet://vert.synchro.net

    --- SoupGate-Win32 v1.05
    * Origin: www.darkrealms.ca (1:229/2)
  • From Digital Man@1:229/2 to All on Sunday, October 18, 2020 18:10:42
    From: digital.man@vert.synchro.net.remove-y1e-this

    To: HusTler
    Re: Security Question
    By: HusTler to All on Sun Oct 18 2020 03:47 pm

    So for whatever reason I am unable to get https working on my bbs. My question is if someone logs on using ftelnet from the webpage which is using the webv4 interface, is the users name and password encrypted?

    ftelnet uses websockets, which are not encrypted by default. There is WSS (websockets-secure) support in exec/websocketservice.js, but I don't recall if ftelnet does/can use it.

    What about if
    the user logs on using the web interface. Is that encrypted?

    It depends. The legacy web UI uses http authentication, which is usually digest
    (not clear text). ecWeb uses his own login method would would be encrypted from
    the client when using HTTPS.

    How would I check this myself?

    Use a network sniffer, like Wireshark.



    digital man

    Synchronet/BBS Terminology Definition #15:
    CR = Carriage Return (ASCII 13, Ctrl-M)
    Norco, CA WX: 78.3øF, 54.0% humidity, 9 mph E wind, 0.00 inches rain/24hrs
    --- Synchronet 3.18c-Win32 NewsLink 1.113
    * Vertrauen - Riverside County, California - telnet://vert.synchro.net

    --- SoupGate-Win32 v1.05
    * Origin: www.darkrealms.ca (1:229/2)
  • From echicken@1:229/2 to All on Sunday, October 18, 2020 22:43:31
    From: echicken@ECBBS.remove-7m2-this

    To: Digital Man
    Re: Security Question
    By: Digital Man to HusTler on Sun Oct 18 2020 18:10:42

    ftelnet uses websockets, which are not encrypted by default. There is WSS
    (websockets-secure)
    support in exec/websocketservice.js, but I don't recall if ftelnet
    does/can use it.

    If the page is served via HTTPS, webv4 will try to configure ftelnet to use WSS. The sysop needs to have WSS configured in services.ini.

    ---
    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
    --- Synchronet 3.18c-Win32 NewsLink 1.113
    * Vertrauen - Riverside County, California - telnet://vert.synchro.net

    --- SoupGate-Win32 v1.05
    * Origin: www.darkrealms.ca (1:229/2)
  • From Tracker1@1:229/2 to Digital Man on Monday, October 19, 2020 19:58:48
    From: tracker1@TRN.remove-w80-this

    To: Digital Man
    On 10/18/2020 6:10 PM, Digital Man wrote:
    ftelnet uses websockets, which are not encrypted by default. There is WSS
    (websockets-secure) support in exec/websocketservice.js, but I don't recall if ftelnet does/can use it.

    ftelnet can use wss.

    --
    Michael J. Ryan
    tracker1 +o Roughneck BBS

    ---
    þ Synchronet þ Roughneck BBS - coming back 2/2/20
    --- Synchronet 3.18c-Win32 NewsLink 1.113
    * Vertrauen - Riverside County, California - telnet://vert.synchro.net

    --- SoupGate-Win32 v1.05
    * Origin: www.darkrealms.ca (1:229/2)