OcUK forums and https

Soldato
OP
Joined
23 Jul 2009
Posts
14,097
Location
Bath
I just noticed that my login details aren't encrypted when I was messing about with my network last night and thought that with the number of people on here every day there are bound to be a few using the same password and email combo elsewhere. So I figured it was a bit of a security risk and thought I would ask. I know what they are like for adding features, but figured security would be fairly key to them. You could probably sit in their shop and get the details for an admin account while you collected your order if you wanted to.
 
Permabanned
Joined
24 Mar 2012
Posts
7,051
Location
Ulster
vBulletin hashes the passwords when it transmits. But SSL would be much better. But it costs, unless you create a self-signed cert. The problem with self-signed certs is they throw up warnings. Most people see the warning and think "oh **** I'm not going that way".

Mozilla and the EFF (who gave us HTTPS Everywhere) are also creating a free self-signing certificate authority (so you don't have to pay the extortionate prices of certificate authorities, or end up with dodgy certs forced into your OS like Lenovo did) with Let's Encrypt.

https://letsencrypt.org/
 
Soldato
Joined
23 Sep 2005
Posts
5,465
Location
Fife
You can force HTTPS everywhere with an EFF plugin,

Actually no, you can't.

The plugin will connect to the HTTPS version of a site if available (it isn't for OcUK for example). It won't magically install HTTPS capability on sites that don't support it.
 
Permabanned
Joined
24 Mar 2012
Posts
7,051
Location
Ulster
It doesn't make a difference - your opening sentence is wrong, and not really useful here as OcUK doesn't have an HTTPS cert for the forums subdomain.

I apologise for not correctly constructing my sentencing to meet your anally retentive needs. Continue to ignore the fact I stated in the post you chose to cherry pick "if it's available".
 
Soldato
Joined
27 Feb 2003
Posts
7,173
Location
Shropshire
vBulletin hashes the passwords when it transmits. But SSL would be much better. But it costs, unless you create a self-signed cert. The problem with self-signed certs is they throw up warnings. Most people see the warning and think "oh **** I'm not going that way".

Mozilla and the EFF (who gave us HTTPS Everywhere) are also creating a free self-signing certificate authority (so you don't have to pay the extortionate prices of certificate authorities, or end up with dodgy certs forced into your OS like Lenovo did) with Let's Encrypt.

https://letsencrypt.org/

RapidSSL charge 49USD for a basic SSL and GoDaddy works out around £50 for one. So cost is not an excuse.

Moving to SSL would put some extra CPU load on the forum server(s) and the HTTPS handshakes mean extra bandwidth use.
 
Permabanned
Joined
24 Mar 2012
Posts
7,051
Location
Ulster
RapidSSL charge 49USD for a basic SSL and GoDaddy works out around £50 for one. So cost is not an excuse.

Moving to SSL would put some extra CPU load on the forum server(s) and the HTTPS handshakes mean extra bandwidth use.

I thought one of the admins paid for and hosted the forum and it wasn't linked to the shop? So there's a cost issue there in regards to paying for a cert.

But good point about the load and bandwidth. This forum does have its... moments (like 12pm every night for 3 minutes).
 
Soldato
Joined
23 Sep 2005
Posts
5,465
Location
Fife
RapidSSL charge 49USD for a basic SSL and GoDaddy works out around £50 for one. So cost is not an excuse.

Moving to SSL would put some extra CPU load on the forum server(s) and the HTTPS handshakes mean extra bandwidth use.

Depending on how the forums are hosted, a lot of modern firewalls do full SSL offload meaning there is no CPU load on the servers. Even if they don't, the CPU load is fairly insignificant. Bandwidth isn't an issue.
 
Soldato
Joined
23 Sep 2005
Posts
5,465
Location
Fife
I apologise for not correctly constructing my sentencing to meet your anally retentive needs. Continue to ignore the fact I stated in the post you chose to cherry pick "if it's available".

It's nothing to do with sentence structure! It was just wrong! Saying a plugin gives you HTTPS everywhere is misleading and might lead people to an incorrect conclusion.
 
Soldato
Joined
16 Jan 2003
Posts
10,576
Location
Nottingham
Never fails to amaze how a shop that is dedicated to selling the latest tech can be so backwards with its forum software.

Not having a mobile theme is also ridiculous for a forum in 2015.
 
Soldato
Joined
23 Sep 2005
Posts
5,465
Location
Fife
You regurgitated what I said and then bitched about how I said it.



Again. I apologise for not being anally retentive in my sentencing structure.

Oh for God's sake man, you said something that was wrong. Pointing it out isn't anal retention! Give it up.
 
Permabanned
Joined
24 Mar 2012
Posts
7,051
Location
Ulster
Oh for God's sake man, you said something that was wrong. Pointing it out isn't anal retention! Give it up.

Maybe if you'd read the entire post before cherry picking the first part and then bitching about how I structured it, despite the fact you said exactly the same thing, only in a different order, including using the term "available" we wouldn't be having this argument. But whatever.
 