Forum: The Horizon BBS

Security Question

From HusTler@hustler@HAVENS.remove-kr1-this to All on Sun Oct 18 15:47:14 2020

From Newsgroup: alt.bbs.synchronet

So for whatever reason I am unable to get https working on my bbs. My question is if someone logs on using ftelnet from the webpage which is using the webv4 interface, is the users name and password encrypted? What about if the user logs on using the web interface. Is that encrypted? How would I check this myself? Is that a whole new thing? Thanks

... Life is a sexually transmitted disease

HusTler
Havens BBS
(havens.synchro.net:23)

---
� Synchronet � Havens BBS havens.synchro.net
--- Synchronet 3.18c-Win32 NewsLink 1.113
* Vertrauen - Riverside County, California - telnet://vert.synchro.net
--- Synchronet 3.19c-Linux NewsLink 1.113

From Digital Man@digital.man@vert.synchro.net.remove-y1e-this to HusTler on Sun Oct 18 18:10:42 2020

From Newsgroup: alt.bbs.synchronet

To: HusTler
Re: Security Question
By: HusTler to All on Sun Oct 18 2020 03:47 pm

So for whatever reason I am unable to get https working on my bbs. My question is if someone logs on using ftelnet from the webpage which is using the webv4 interface, is the users name and password encrypted?

ftelnet uses websockets, which are not encrypted by default. There is WSS (websockets-secure) support in exec/websocketservice.js, but I don't recall if ftelnet does/can use it.

What about if
the user logs on using the web interface. Is that encrypted?

It depends. The legacy web UI uses http authentication, which is usually digest (not clear text). ecWeb uses his own login method would would be encrypted from the client when using HTTPS.

How would I check this myself?

Use a network sniffer, like Wireshark.

digital man

Synchronet/BBS Terminology Definition #15:
CR = Carriage Return (ASCII 13, Ctrl-M)
Norco, CA WX: 78.3�F, 54.0% humidity, 9 mph E wind, 0.00 inches rain/24hrs
--- Synchronet 3.18c-Win32 NewsLink 1.113
* Vertrauen - Riverside County, California - telnet://vert.synchro.net
--- Synchronet 3.19c-Linux NewsLink 1.113

From echicken@echicken@ECBBS.remove-7m2-this to Digital Man on Sun Oct 18 22:43:31 2020

From Newsgroup: alt.bbs.synchronet

To: Digital Man
Re: Security Question
By: Digital Man to HusTler on Sun Oct 18 2020 18:10:42

ftelnet uses websockets, which are not encrypted by default. There is WSS (websockets-secure)
support in exec/websocketservice.js, but I don't recall if ftelnet does/can use it.

If the page is served via HTTPS, webv4 will try to configure ftelnet to use WSS. The sysop needs to have WSS configured in services.ini.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com
� Synchronet � electronic chicken bbs - bbs.electronicchicken.com
--- Synchronet 3.18c-Win32 NewsLink 1.113
* Vertrauen - Riverside County, California - telnet://vert.synchro.net
--- Synchronet 3.19c-Linux NewsLink 1.113

From Tracker1@tracker1@TRN.remove-w80-this to Digital Man on Mon Oct 19 19:58:48 2020

From Newsgroup: alt.bbs.synchronet

To: Digital Man
On 10/18/2020 6:10 PM, Digital Man wrote:

ftelnet uses websockets, which are not encrypted by default. There is WSS (websockets-secure) support in exec/websocketservice.js, but I don't recall if ftelnet does/can use it.

ftelnet can use wss.
--
Michael J. Ryan
tracker1 +o Roughneck BBS

---
� Synchronet � Roughneck BBS - coming back 2/2/20
--- Synchronet 3.18c-Win32 NewsLink 1.113
* Vertrauen - Riverside County, California - telnet://vert.synchro.net
--- Synchronet 3.19c-Linux NewsLink 1.113

Who's Online
Recent Visitors
- Genalb
  Sat Jan 11 05:33:37 2025
  from Slc, Utah via Telnet
- publixpassport
  Wed Jan 22 07:46:51 2025
  from FLORIDA via HTTPS
- maximtimeclock
  Fri Jan 24 10:54:59 2025
  from FLORIDA via HTTPS
- Genalb
  Mon Jan 27 07:40:00 2025
  from Slc, Utah via Telnet

System Info

Sysop:	Chris Crash
Location:	Huntington Beach, CA.
Users:	595
Nodes:	8 (0 / 8)
Uptime:	37:46:29
Calls:	10,784
Files:	5
Messages:	470,117