Suggestion: Use https://

weedman

What is cheating?
Mar 27, 2017
2
0
1
#1
I suggest to add an SSL certificate for this website so it supports https:// connections.
 

FreeER

RCE Fanatics
Talents
Mar 10, 2017
92
4
8
#2
Supposedly there are some free options for ssl certificates now (like https://www.sslforfree.com/) but that's pretty much all I know on the subject lol

Sounds like a good idea, but then I really don't know anything about running a website/forum :lol:

edit: https://konklone.com/post/switch-to-https-now-for-free might have some more useful info...
 

STN

Pleb
Staff member
Administrator
Mar 2, 2017
3,066
77
48
#3
@FreeER Cloudflare allows free ssl too (it will take me 5 mins to implement here).

But I don't see a point to https? There isn't a shop being run here and the hassle of it is meh. If you know a good reason, let me know - i've thought about it and from my understanding it doesn't really give that much benefit. The brand name SSLs certs are too expensive (we will all have to chip in if we wanted to buy that) and that's the only type i like as it gives an authority to the site :D.
 

FreeER

RCE Fanatics
Talents
Mar 10, 2017
92
4
8
#5
STN post_id=2845 time=1490594967 user_id=48 said:
@FreeER Cloudflare allows free ssl too (it will take me 5 mins to implement here).
Cool, news to me, hopefully I'll remember that if it comes up again somewhere soon-ish :)
STN post_id=2845 time=1490594967 user_id=48 said:
But I don't see a point to https?
Primarily this:
++METHOS post_id=2872 time=1490610134 user_id=54 said:
Possibly concerned about the login page...
but apparently google is factoring it into it's rankings so that's a small thing as well, and I imagine it makes some people more comfortable to use https since most/all browsers display a green "secure" mark (and supposedly chrome will be showing a red "insecure" mark soon). Basically boils down to that as far as I know like this says https://forumpromotion.net/security-and-privacy/pros-cons-ssl-forum (security, confidence, and seo).
 

++METHOS

Expert Cheater
Mar 2, 2017
203
1
18
#6
Logins for CEF aren't encrypted, either:
Dark Byte said:
they are hashed, but if you login the password is still sent as plain text.
so someone can just use a packet sniffer to find it
See here.
 
Apr 2, 2017
5
0
1
#7
Just out of curiousity: how are the passwords of this site stored? salts, iterations? and why not encrypt passwords? just because CEF doesnt do it?
My firefox always warns me when i want to enter the password, because its not encrypted.
 

Eric

Administrator
Administrator
Mar 2, 2017
43
9
8
#8
it doesn't matter how this site stores passwords, but just because it's not using https it's 'unsafe'

if this site where to use https but store all passwords in plain text in a passwords.txt readable by everyone, it would be classified as 'safe' to firefox.

so think about that when your browser is scaring you that something is unsafe
 
Mar 25, 2017
34
0
6
#9
Eric post_id=3580 time=1491140402 user_id=59 said:
it doesn't matter how this site stores passwords, but just because it's not using https it's 'unsafe'

if this site where to use https but store all passwords in plain text in a passwords.txt readable by everyone, it would be classified as 'safe' to firefox.

so think about that when your browser is scaring you that something is unsafe
The point is, that all people nowadays got a smartphone and many places got public wifi.
HTTPS protects you from the man in the middle attack that can happen fast trough an unknown network.
Also read Why HTTPS Matters
 

Eric

Administrator
Administrator
Mar 2, 2017
43
9
8
#10
Just don't use the same password for everything so when someone sees your password it's no issue
 

Darkedone02

Expert Cheater
Mar 2, 2017
314
4
18
#11
To bring up further infomation on why we need to adapt the http:// usage is this reason of the dirty gov of today!

http://www.theverge.com/2017/4/3/15105582/trump-signs-internet-privacy-rule-reversal-fcc

BYE BYE INTERNET PRIVACY! ADVERTISERS GOT IT! all thanks to trump and the lunatic party (republicans) of the USA.

Last I've heard, websites of adult entertainment like pornhub have started doing their https encyption and trying to fight against the republicans as well from this bill and possibly anything else. This april fools joke that they did pretty much bring in the scare of everyone...

http://mashable.com/2017/04/01/pornhub-april-fools/#8xYWt.pByiqu
http://www.econotimes.com/Pornhub-And-YouPorn-Bolster-Privacy-System-In-Response-To-Controversial-Congress-Decision-622162
http://www.theverge.com/2017/3/30/15125048/pornhub-youporn-https-encryption-privacy

Best start using programs like "HTTPS EVERYWHERE" for firefox/chrome users... helps out on alot of websites.

Next thing trump will go against us after this.... net neutality? better make sure all freebies get access to fast lane now.

https://www.nytimes.com/2017/02/05/technology/trumps-fcc-quickly-targets-net-neutrality-rules.html
 

r4n71

What is cheating?
Mar 12, 2017
2
0
1
#12
Hi there,

first of all thx for this forum.
second where are the problems to use Let's Encrypt for https?

All what I read by now confused me a little:

On the one hand you create a new forum for CE, because the old one is "old". And it also seems to be impossibel to create a new account or retreat a new password, but this another story.
So on the one hand you create a new forum in your freetime, but on the other one you do not the simplest thing of all, even it its is for free by now, to protect you work, by using ssl cert.
It's like build a twin-house one finished, one with unfinisehd roof. Don't wonder if you have to do a core removal after a short time, caused by mildew.

If you need any help, I am avaible.

With regards
 
Top Bottom