Milovana.com

We just finishing switching Milovana over to using HTTPS/SSL/TLS/letter-soup. For the uninitiated, this means the NSA can no longer peek at the contents of your private forum and chat messages.

Ok, the NSA probably still can, but lesser intelligence services can't. Progress!

There is some work remaining. Chrome users for example may notice the green padlock turning yellow on certain pages - this is due to images being loaded externally without HTTPS. Unfortunately, some of our partners are fully on HTTPS yet, so I'm not sure when we'll be able to fix that. On the bright side, this problem does not compromise the security of private messages in any way.

If you are having any problems since the switch, please make sure you report them here. That's all I have for now! Thanks!

Wooo! Thank you seraph!

Thank You!!

I've been wanting SSL for a while, especially for the login page

Hopefully a quick question..

How come the login password has a maximum length of 30 characters?
If they are hashed using SHA1 then it shouldn't matter, unless the passwords are stored in plain text or use an older algorithm..

Woohow :D Seraph0x back in Business

Now. Any chance that the next tease editor will be launched during this decade ?

green

Wow..

Thank you!

Mat wrote:Hopefully a quick question..

How come the login password has a maximum length of 30 characters?
If they are hashed using SHA1 then it shouldn't matter, unless the passwords are stored in plain text or use an older algorithm..

Before you read my answer, you should know that I don't work here..

My guess is it probably has something to do with the integration between the forum and whatever the xmpp server is (guessing Openfire, Ejabberd or Prosody).. I use Ejabberd for my private project, and it requires plain text for password storage. I have no idea about Openfire or Prosody.

On the other hand, I could be way off. I've never seen the milovana server configuration/s and I doubt seraph0x is likely to let me have a peek anytime soon, lol.

About the SSL.. All I can say is... WOOT!!

freakygeak wrote:

Mat wrote:Hopefully a quick question..

How come the login password has a maximum length of 30 characters?
If they are hashed using SHA1 then it shouldn't matter, unless the passwords are stored in plain text or use an older algorithm..

Before you read my answer, you should know that I don't work here..

My guess is it probably has something to do with the integration between the forum and whatever the xmpp server is (guessing Openfire, Ejabberd or Prosody).. I use Ejabberd for my private project, and it requires plain text for password storage. I have no idea about Openfire or Prosody.

On the other hand, I could be way off. I've never seen the milovana server configuration/s and I doubt seraph0x is likely to let me have a peek anytime soon, lol.

(just saying at first I don't work at Milovana either)
The systems you described which seem to be messaging systems that use XMPP, those are for instant messaging and preserving messages when the receiver is not online. This has rather little to do with this website.
Milovana is a fork of phpBB (bulletin board software) and instead of having to send messages between servers, it has to store things like users and their usernames and passwords and teases with their text and pictures, for this a database is used. phpBB has support for multiple database systems, MySQL being globally the most used one, but in this case this doesn't exactly matter because all of the database systems allow you to choose what data to store and in what structure and therefor there's nothing restricting the hashing of passwords. (and phpBB always does hash passwords)

And because the passwords are hashed there's absolutely no reason to limit password length, there's only reason >not< to limit it.
Currently phpBB still limits password length, but now with a max of 100. I believe Milovana should update phpBB if possible or manually increase max password length or even remove the restriction completely.

freakygeak wrote:About the SSL.. All I can say is... WOOT!!

yup

I'm a little late reading about this, but thank you very much! SSL is a very welcome feature and I'm glad you've made it happen.

Hey, I just noticed this is my 420th post!!!