Forum Upgrades and Avatar Changes

Forum announcements are posted here. New cool features, scheduled backups and maintenance, you name it.
Post Reply
User avatar
Site Admin
Site Admin
Posts: 1343
Joined: Sun Aug 29, 2004 7:14 pm
Location: Salt Lake City, Utah, USA

Forum Upgrades and Avatar Changes

Post by tierra » Thu Oct 02, 2014 5:54 am

The forums have been upgraded to a new server today, along with a newly provisioned SSL certificate. We're now redirecting all non-SSL traffic to secure URLs, which is great since your login passwords are no longer sent in the clear, and your session cookies can no longer be hijacked over the wifi at your local coffee shop.

There are a couple notable side-effects to this major security upgrade though.

1. Profile Avatars

Up until this point, we've allowed users to hotlink directly to their avatar hosted externally. This included avatars hosted on non-secure servers, which results in mixed-content warnings while browsing the forum's secure pages. We have turned this feature off now. It's important to note that you can *still* use custom avatars like mine. Instead, you'll be required to upload it to the forums directly instead now, where it can be served securely.

2. BBCode Images

As this site inherently includes user-generated content, we fully expect users to continue using the BBCode img tags in posts to hotlink post content images. We won't be disabling this feature due to it's heavy use in posts before now, but also because it's still very useful. You will occasionally continue to see mixed content warnings throughout some forum threads where users have used those BBCodes to hotlink insecure images, but you can rest easy knowing your session on the forums is still secure.

As an alternative, I would encourage users to attach images to their posts using the attachments system. This will provide a nice thumbnail, has very loose restrictions on file and image sizes, and should be more than adequate for most situations where you would use img BBCodes. The difference here is that your attachments will always be served securely, and we can all avoid mixed content warnings.

Post Reply