Sidosi has now taken a big step into the present, and it benefits all of YOU! It may not be very visible (more on that later), but Sidosi is now more secure than ever, thanks to the implementation of several standard website security features. The previous forum software update (and future updates) help protect the server from malicious attacks, which ultimately protects all of you users, but today's update helps protect all of you in the case that an attacker does manage to put something malicious on the website.

I'll spare the technical explanations, but here's a list with links of everything that's been implemented:
  • HTTPS - Encrypts the communications between your computer and this website
  • HSTS - Ensures that your connection to this website will always use HTTPS
  • CSP - Blocks malicious scripts that are typically hosted on other (bad) websites
  • Referrer-Policy - Prevents another website from knowing the last Sidosi page you visited when you click on a non-HTTPS link to that website
  • X-Content-Type-Options - Blocks a method attackers commonly use to upload malicious scripts to a website
  • X-Frame-Options - Blocks a common method of other website pretending to be this website and collecting usernames/passwords
  • X-XSS-Protection - Similar to CSP, but for legacy browsers
To give a more user-friendly view of what all of this means, I ran sidosi.org through a website security scanner, Mozilla's Observatory, made by the creator of the Firefox web browser.
observatory_sidosi_before_1.png
Before (F)
observatory_sidosi_after_1.png
After (B+)
A before and after of several third-party website security scanners that Observatory also runs the website through, with similar improvements in score:
observatory_sidosi_before_3.png
Before (F's)
observatory_sidosi_after_3.png
After (A's)
Finally, probably the most noticeable improvement to non-tech people, the "before" part only visible on Google Chrome, but the "after" part visible to everyone:
sidosi_address_bar_before.png
Before (Not Secure)
sidosi_address_bar_after.png
After (Secure)
All of this adds together to make Sidosi a much more secure and safer website than before. Ultimately, the goal is to score an A or A+ on the Observatory test, but properly implementing CSP will take some time, and like some other security features I looked into, may not be possible to fully implement due to technical limitations. To even implement what I did, I had to rip out all of Sidosi's old code, so the pages may look the same, but they're shells of their former selves waiting for the big redesign. Well, at least they're more secure.

Because this update involved changing a lot of things that affect the whole website, please report any issues via the Website Support forum, the Contact form, the Discord, or any other way you know how to contact me.