Suggestion: Use https://

Post your topics and discussions here that you can't find a good section for.
Post Reply
weedman
What is cheating?
What is cheating?
Posts: 1
Joined: Sun Mar 26, 2017 11:23 pm
Reputation: 0

Suggestion: Use https://

Post by weedman » Sun Mar 26, 2017 11:24 pm

I suggest to add an SSL certificate for this website so it supports https:// connections.

FreeER
Novice Cheater
Novice Cheater
Posts: 19
Joined: Fri Mar 10, 2017 7:11 pm
Reputation: 0
Contact:

Re: Suggestion: Use https://

Post by FreeER » Sun Mar 26, 2017 11:46 pm

Supposedly there are some free options for ssl certificates now (like https://www.sslforfree.com/) but that's pretty much all I know on the subject lol

Sounds like a good idea, but then I really don't know anything about running a website/forum :lol:

edit: https://konklone.com/post/switch-to-https-now-for-free might have some more useful info...

User avatar
STN
Founder
Founder
Posts: 1174
Joined: Thu Mar 02, 2017 7:48 pm
Reputation: 65

Re: Suggestion: Use https://

Post by STN » Mon Mar 27, 2017 6:09 am

@FreeER Cloudflare allows free ssl too (it will take me 5 mins to implement here).

But I don't see a point to https? There isn't a shop being run here and the hassle of it is meh. If you know a good reason, let me know - i've thought about it and from my understanding it doesn't really give that much benefit. The brand name SSLs certs are too expensive (we will all have to chip in if we wanted to buy that) and that's the only type i like as it gives an authority to the site :D.

User avatar
++METHOS
Administration
Administration
Posts: 148
Joined: Thu Mar 02, 2017 9:02 pm
Reputation: 10

Re: Suggestion: Use https://

Post by ++METHOS » Mon Mar 27, 2017 10:22 am

Possibly concerned about the login page...

FreeER
Novice Cheater
Novice Cheater
Posts: 19
Joined: Fri Mar 10, 2017 7:11 pm
Reputation: 0
Contact:

Re: Suggestion: Use https://

Post by FreeER » Mon Mar 27, 2017 11:16 am

STN wrote:
Mon Mar 27, 2017 6:09 am
@FreeER Cloudflare allows free ssl too (it will take me 5 mins to implement here).
Cool, news to me, hopefully I'll remember that if it comes up again somewhere soon-ish :)
STN wrote:
Mon Mar 27, 2017 6:09 am
But I don't see a point to https?
Primarily this:
++METHOS wrote:
Mon Mar 27, 2017 10:22 am
Possibly concerned about the login page...
but apparently google is factoring it into it's rankings so that's a small thing as well, and I imagine it makes some people more comfortable to use https since most/all browsers display a green "secure" mark (and supposedly chrome will be showing a red "insecure" mark soon). Basically boils down to that as far as I know like this says https://forumpromotion.net/security-and ... -ssl-forum (security, confidence, and seo).

User avatar
++METHOS
Administration
Administration
Posts: 148
Joined: Thu Mar 02, 2017 9:02 pm
Reputation: 10

Re: Suggestion: Use https://

Post by ++METHOS » Mon Mar 27, 2017 11:27 am

Logins for CEF aren't encrypted, either:
Dark Byte wrote:they are hashed, but if you login the password is still sent as plain text.
so someone can just use a packet sniffer to find it
See here.

MaximusMJ
What is cheating?
What is cheating?
Posts: 3
Joined: Sun Apr 02, 2017 11:54 am
Reputation: 0

Re: Suggestion: Use https://

Post by MaximusMJ » Sun Apr 02, 2017 12:14 pm

Just out of curiousity: how are the passwords of this site stored? salts, iterations? and why not encrypt passwords? just because CEF doesnt do it?
My firefox always warns me when i want to enter the password, because its not encrypted.

Eric
Administration
Administration
Posts: 32
Joined: Thu Mar 02, 2017 11:01 pm
Reputation: 9

Re: Suggestion: Use https://

Post by Eric » Sun Apr 02, 2017 1:40 pm

it doesn't matter how this site stores passwords, but just because it's not using https it's 'unsafe'

if this site where to use https but store all passwords in plain text in a passwords.txt readable by everyone, it would be classified as 'safe' to firefox.

so think about that when your browser is scaring you that something is unsafe

User avatar
igromanru
Cheater
Cheater
Posts: 31
Joined: Sat Mar 25, 2017 11:20 pm
Reputation: 5

Re: Suggestion: Use https://

Post by igromanru » Sun Apr 02, 2017 7:21 pm

Eric wrote:
Sun Apr 02, 2017 1:40 pm
it doesn't matter how this site stores passwords, but just because it's not using https it's 'unsafe'

if this site where to use https but store all passwords in plain text in a passwords.txt readable by everyone, it would be classified as 'safe' to firefox.

so think about that when your browser is scaring you that something is unsafe
The point is, that all people nowadays got a smartphone and many places got public wifi.
HTTPS protects you from the man in the middle attack that can happen fast trough an unknown network.
Also read Why HTTPS Matters

Eric
Administration
Administration
Posts: 32
Joined: Thu Mar 02, 2017 11:01 pm
Reputation: 9

Re: Suggestion: Use https://

Post by Eric » Mon Apr 03, 2017 12:09 am

Just don't use the same password for everything so when someone sees your password it's no issue

User avatar
Darkedone02
Fearless Donors
Fearless Donors
Posts: 87
Joined: Thu Mar 02, 2017 11:42 pm
Reputation: 1

Re: Suggestion: Use https://

Post by Darkedone02 » Wed Apr 05, 2017 11:54 pm

To bring up further infomation on why we need to adapt the http:// usage is this reason of the dirty gov of today!

http://www.theverge.com/2017/4/3/151055 ... versal-fcc

BYE BYE INTERNET PRIVACY! ADVERTISERS GOT IT! all thanks to trump and the lunatic party (republicans) of the USA.

Last I've heard, websites of adult entertainment like pornhub have started doing their https encyption and trying to fight against the republicans as well from this bill and possibly anything else. This april fools joke that they did pretty much bring in the scare of everyone...

http://mashable.com/2017/04/01/pornhub- ... YWt.pByiqu
http://www.econotimes.com/Pornhub-And-Y ... ion-622162
http://www.theverge.com/2017/3/30/15125 ... on-privacy

Best start using programs like "HTTPS EVERYWHERE" for firefox/chrome users... helps out on alot of websites.

Next thing trump will go against us after this.... net neutality? better make sure all freebies get access to fast lane now.

https://www.nytimes.com/2017/02/05/tech ... rules.html

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest