Firefox and Chrome cache HTML extremely aggresively, more so than other browsers, and this is what makes them “fast”. This behavior is special to those browsers because they cache HTTP redirects as well(no other browsers do this), even if the redirect has already been changed. Clear your cache on either and the site should work fine.
We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information.
Security is never a waste of time. Anytime you can take security measures, you should. Lets take a look at some examples why system security is worthy of time devoted to it. First lets assume that the issue tracker will use the same credentials that the forums use. Next lets assume they neglected to encrypt their responses. Lastly lets assume the person who is the victim to be using an open network (Coffee shops, Mc Donalds, etc). There happens to be a hacker inside of the same network as the victim; the victim is submitting an issue , but noticed they had to login before they did. Once they login the information is sent to the sponge servers as plain bytes that can be easily read. Now the hacker has these details: The website it was posted to, the user credentials, the user cookies (once the response is received). With all of these details the hacker can now trick the server that they are now the victim and proceed to preform malicious activities. Now for the next example, lets use that last scenario. Instead of using the information and then posting spam ads, or links, etc… the hacker now uses it to collect information about the victim. Lastly, I would like to add that you can be at your own home, on a private network that is as secure and you can possibly make it, but if the web server is submitting un-encrypted data then any one at the end point (IE: at the data center in which it is hosted) can monitor all traffic and store the information.
Now those probably were not the best examples, but they convey the message that security is a necessity anytime you submit any type of data. For normal users, it seems like a waste of time, but in the end they are just protecting the community from phishers, and identity theft (Posing as your account) among a variety of other things.
Read the above. Also keep in mind that Sponge is shooting to be another major server provider1 comparable to Bukkit. What I mean by that is Sponge may come to partner with a third party to host plugins (like Curse2), which then opens the doors to hackers to have the potential to gained access not to just one site (Sponge) but now that third party (IE Curse).
Anyhow, sorry for the wall of text. If you didn’t read it all, just note that security should be a priority no matter what.
Interesting . But to avoid confusion, my “waste of time…” was actually meant for the hacker that would have tried it. But oke I think I got it :).
When I was writing that post I was thinking financially. As SSL certificates aren’t really euh cheap (on top of student loans and other stuff). Also when writing, I forgot how easy it is to MITMA “free”-internet wifi’s and hot-spots.
Than raises the follow question, who is paying these certificates and hosting? The sponsors? I could understand that creeperhost has some financial belongings to sponge. As nobody would sell their packages if they can not mod their servers.