Talk:SSL Encryption

From AniDB
Revision as of 01:23, 19 November 2012 by Dantman (talk | contribs) (→‎Security?: new section)

The stated SSL cert fingerprints appear out of date:

Notary Lookup for: anidb.net:443,2
Browser's Key = '95:ee:24:b6:c6:5d:32:74:a1:50:48:bb:73:7a:93:ea'
Results:
Quorum duration: 0.1 days
Notary Observations:

Notary: cmu.ron.lcs.mit.edu:8080
  ssl key: '95:ee:24:b6:c6:5d:32:74:a1:50:48:bb:73:7a:93:ea'
    start: 1303548229 - Sat Apr 23 2011
    end: 1303548232 - Sat Apr 23 2011

Notary: convoke.ron.lcs.mit.edu:8080
  ssl key: '39:ba:e3:5b:90:a0:c4:ff:1b:c7:32:00:67:bc:ca:aa'
    start: 1270897465 - Sat Apr 10 2010
    end: 1272922215 - Mon May 03 2010
  ssl key: '95:ee:24:b6:c6:5d:32:74:a1:50:48:bb:73:7a:93:ea'
    start: 1272922216 - Mon May 03 2010
    end: 1303542914 - Sat Apr 23 2011

Notary: mvn.ron.lcs.mit.edu:8080
  ssl key: '95:ee:24:b6:c6:5d:32:74:a1:50:48:bb:73:7a:93:ea'
    start: 1303542022 - Sat Apr 23 2011
    end: 1303542434 - Sat Apr 23 2011

Notary: hostway.ron.lcs.mit.edu:8080
  ssl key: '39:ba:e3:5b:90:a0:c4:ff:1b:c7:32:00:67:bc:ca:aa'
    start: 1270897465 - Sat Apr 10 2010
    end: 1272957971 - Tue May 04 2010
  ssl key: '95:ee:24:b6:c6:5d:32:74:a1:50:48:bb:73:7a:93:ea'
    start: 1272957972 - Tue May 04 2010
    end: 1303542973 - Sat Apr 23 2011

Security?

"All requests for images, stylesheets and other page elements are NOT encrypted. Such requests should usually not be directed towards "anidb.net" but rather towards specific subdomains [and] do not include the AniDB authentication cookies and should thus not allow attackers to hijack your AniDB session."

You guys are aware there are ways to use CSS to trick various browsers into executing scripts, and hence running code that hijacks sessions and bypasses HTTPS... right? Dantman 02:23, 19 November 2012 (CET)