mersenneforum.org  

Go Back   mersenneforum.org > Great Internet Mersenne Prime Search > PrimeNet

Reply
 
Thread Tools
Old 2017-01-19, 20:33   #12
Mark Rose
 
Mark Rose's Avatar
 
"/X\(‘-‘)/X\"
Jan 2013
Ͳօɾօղէօ

2·7·199 Posts
Default

Who knows what the effect may be on the various spiders that connect to the HTTP site.
Mark Rose is offline   Reply With Quote
Old 2017-01-20, 06:48   #13
Dubslow
Basketry That Evening!
 
Dubslow's Avatar
 
"Bunslow the Bold"
Jun 2011
40<A<43 -89<O<-88

3·29·83 Posts
Default

Quote:
Originally Posted by Mark Rose View Post
Who knows what the effect may be on the various spiders that connect to the HTTP site.
Okay, maybe "force" was wrong -- is there a way to inquire a new connection if it is capable of switching, and if so, to do so?
Dubslow is offline   Reply With Quote
Old 2017-01-20, 21:40   #14
Mark Rose
 
Mark Rose's Avatar
 
"/X\(‘-‘)/X\"
Jan 2013
Ͳօɾօղէօ

2×7×199 Posts
Default

Quote:
Originally Posted by Dubslow View Post
Okay, maybe "force" was wrong -- is there a way to inquire a new connection if it is capable of switching, and if so, to do so?
The best way may be with a script at the top of the document. The spiders probably aren't executing JS.
Mark Rose is offline   Reply With Quote
Old 2017-01-21, 03:10   #15
Madpoo
Serpentine Vermin Jar
 
Madpoo's Avatar
 
Jul 2014

326110 Posts
Default

Quote:
Originally Posted by Mark Rose View Post
Who knows what the effect may be on the various spiders that connect to the HTTP site.
That's the biggest concern. Regular web browsers won't be affected, except for the warm fuzzies they get from seeing that it's a secure connection.

I locked down the cipher suite to make sure that when we go secure, we're not doing it half-heartedly. That means obvious things like disabling SSLv3 and basically going with TLS and using only the ciphers with forward secrecy. The SSL Labs test gives it an A and the downside is if you're from the stone age and visiting with Windows XP and IE 6, you're out of luck. All other modern-ish browsers (and I think even the old funky Firefox 3.x that a certain someone prefers) should be okay.

But yeah... the people who use scripts to crawl result pages or collect the reports... if I start redirecting http -> https (which is easy to do, by the way), depending on how they did their script it may ignore a 301/302 redirect, or it may not be setup to work with SSL.

I know curl by itself would need a list of trusted CAs (or use the -k option to ignore cert issues, which isn't the best idea). I really don't know what people are using to crawl the site with so we'll probably just have to give them time to test it and then make the switch.

I started a new thread devoted to discussing the SSL switch so I'll be monitoring things there.
Madpoo is offline   Reply With Quote
Old 2017-01-21, 04:53   #16
Prime95
P90 years forever!
 
Prime95's Avatar
 
Aug 2002
Yeehaw, FL

22·1,709 Posts
Default

Most importantly, be sure the prime95 client which communicates using http is not affected by any changes.
Prime95 is offline   Reply With Quote
Old 2017-01-24, 03:54   #17
Madpoo
Serpentine Vermin Jar
 
Madpoo's Avatar
 
Jul 2014

1100101111012 Posts
Default

Quote:
Originally Posted by Prime95 View Post
Most importantly, be sure the prime95 client which communicates using http is not affected by any changes.
Good point. The client communicates with v5.mersenne.org so it's fortunately separate from the website.

With that said, it might be a good future project to get new clients to talk over SSL as well, although it's probably not critical. Passwords aren't passed along using the API (as far as I'm aware).

At any rate, SSL on the website should leave the Prime95 clients alone. The biggest concerns I had were with GPU72 and Misfit since (not sure on the details) they can proxy client activity and then talk to the manual assignment/result pages, or something like that. I'm fuzzy on just how those worked, thus my concern.

It's not terribly difficult to exclude the manual assign/result pages from being redirected, if there's still a concern about that.
Madpoo is offline   Reply With Quote
Old 2017-01-24, 05:24   #18
retina
Undefined
 
retina's Avatar
 
"The unspeakable one"
Jun 2006
My evil lair

22×32×151 Posts
Default

Quote:
Originally Posted by Madpoo View Post
All other modern-ish browsers (and I think even the old funky Firefox 3.x that a certain someone prefers) should be okay.
I never have any trouble with other sites, so unless you have done something particularly restrictive then it should be fine.
retina is offline   Reply With Quote
Old 2017-01-24, 15:48   #19
chalsall
If I May
 
chalsall's Avatar
 
"Chris Halsall"
Sep 2002
Barbados

899210 Posts
Default

Quote:
Originally Posted by Madpoo View Post
Passwords aren't passed along using the API (as far as I'm aware).
That is correct.

The worst someone could do who was "sniffing the plain-text traffic" would be to replay assignment requests. If they reverse engineered the client's "secret sauce" security code they would also be able to unassign assignments.

But really, that's an exceptionally unlikely scenario. Someone would have to really hate someone else to get "in the middle", and also invest a great deal of time and effort. And even then they wouldn't be able to log into Primenet's web interface as their target's user (they would have the Username, but not the Password).
chalsall is offline   Reply With Quote
Old 2017-01-26, 15:51   #20
Madpoo
Serpentine Vermin Jar
 
Madpoo's Avatar
 
Jul 2014

3·1,087 Posts
Default

Quote:
Originally Posted by retina View Post
I never have any trouble with other sites, so unless you have done something particularly restrictive then it should be fine.
Give it a try then: https://www.mersenne.org

If "even Retina" can access it, then I think we can consider it effectively 100% browser compatible.
Madpoo is offline   Reply With Quote
Old 2017-01-26, 15:57   #21
henryzz
Just call me Henry
 
henryzz's Avatar
 
"David"
Sep 2007
Cambridge (GMT)

32·17·37 Posts
Default

Quote:
Originally Posted by Madpoo View Post
Give it a try then: https://www.mersenne.org

If "even Retina" can access it, then I think we can consider it effectively 100% browser compatible.
IE6? Was very popular once. I suppose you should be used to webpages not working on IE6 by now.
henryzz is offline   Reply With Quote
Old 2017-01-27, 01:39   #22
retina
Undefined
 
retina's Avatar
 
"The unspeakable one"
Jun 2006
My evil lair

22×32×151 Posts
Default

Quote:
Originally Posted by Madpoo View Post
Give it a try then: https://www.mersenne.org

If "even Retina" can access it, then I think we can consider it effectively 100% browser compatible.
Okay, it looks as though you have effectively achieved 100% browser compatibility.
retina is offline   Reply With Quote
Reply

Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
OFFICIAL "SERVER PROBLEMS" THREAD ewmayer PrimeNet 1838 2020-05-22 06:45
Official AVX-512 programming thread ewmayer Programming 31 2016-10-14 05:49
Primenet maintenance announcements Madpoo PrimeNet 7 2015-11-12 05:50
Official Peeved Pets Thread Prime95 Lounge 32 2015-10-02 04:17
Server maintenance thread Madpoo PrimeNet 9 2015-07-25 07:47

All times are UTC. The time now is 06:22.

Mon Jun 1 06:22:57 UTC 2020 up 68 days, 3:56, 2 users, load averages: 1.26, 1.35, 1.39

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.

This forum has received and complied with 0 (zero) government requests for information.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.