Suggestion: Use https://

[weedman]

I suggest to add an SSL certificate for this website so it supports https:// connections.

[FreeER]

Supposedly there are some free options for ssl certificates now (like https://www.sslforfree.com/) but that's pretty much all I know on the subject lol

Sounds like a good idea, but then I really don't know anything about running a website/forum

edit: https://konklone.com/post/switch-to-https-now-for-free might have some more useful info...

[STN]

@FreeER Cloudflare allows free ssl too (it will take me 5 mins to implement here).

But I don't see a point to https? There isn't a shop being run here and the hassle of it is meh. If you know a good reason, let me know - i've thought about it and from my understanding it doesn't really give that much benefit. The brand name SSLs certs are too expensive (we will all have to chip in if we wanted to buy that) and that's the only type i like as it gives an authority to the site .

[++METHOS]

Possibly concerned about the login page...

[FreeER]

@FreeER Cloudflare allows free ssl too (it will take me 5 mins to implement here).

Cool, news to me, hopefully I'll remember that if it comes up again somewhere soon-ish

But I don't see a point to https?

Primarily this:

Possibly concerned about the login page...

but apparently google is factoring it into it's rankings so that's a small thing as well, and I imagine it makes some people more comfortable to use https since most/all browsers display a green "secure" mark (and supposedly chrome will be showing a red "insecure" mark soon). Basically boils down to that as far as I know like this says https://forumpromotion.net/security-and ... -ssl-forum (security, confidence, and seo).

[++METHOS]

Logins for CEF aren't encrypted, either:

they are hashed, but if you login the password is still sent as plain text.
so someone can just use a packet sniffer to find it

See here.

[MaximusMJ]

Just out of curiousity: how are the passwords of this site stored? salts, iterations? and why not encrypt passwords? just because CEF doesnt do it?
My firefox always warns me when i want to enter the password, because its not encrypted.

[Eric]

it doesn't matter how this site stores passwords, but just because it's not using https it's 'unsafe'

if this site where to use https but store all passwords in plain text in a passwords.txt readable by everyone, it would be classified as 'safe' to firefox.

so think about that when your browser is scaring you that something is unsafe

[igromanru]

it doesn't matter how this site stores passwords, but just because it's not using https it's 'unsafe'

if this site where to use https but store all passwords in plain text in a passwords.txt readable by everyone, it would be classified as 'safe' to firefox.

so think about that when your browser is scaring you that something is unsafe

The point is, that all people nowadays got a smartphone and many places got public wifi.
HTTPS protects you from the man in the middle attack that can happen fast trough an unknown network.
Also read Why HTTPS Matters

[Eric]

Just don't use the same password for everything so when someone sees your password it's no issue

[Darkedone02]

To bring up further infomation on why we need to adapt the http:// usage is this reason of the dirty gov of today!

http://www.theverge.com/2017/4/3/151055 ... versal-fcc

BYE BYE INTERNET PRIVACY! ADVERTISERS GOT IT! all thanks to trump and the lunatic party (republicans) of the USA.

Last I've heard, websites of adult entertainment like pornhub have started doing their https encyption and trying to fight against the republicans as well from this bill and possibly anything else. This april fools joke that they did pretty much bring in the scare of everyone...

http://mashable.com/2017/04/01/pornhub- ... YWt.pByiqu
http://www.econotimes.com/Pornhub-And-Y ... ion-622162
http://www.theverge.com/2017/3/30/15125 ... on-privacy

Best start using programs like "HTTPS EVERYWHERE" for firefox/chrome users... helps out on alot of websites.

Next thing trump will go against us after this.... net neutality? better make sure all freebies get access to fast lane now.

https://www.nytimes.com/2017/02/05/tech ... rules.html