Page 1 of 1

HTTPS?

Posted: 17 Apr 2014, 03:13
by housefan111
Hi all,

Would it be possible for you guys to implement SSL/TLS on your server for a secure HTTPS connection? This would be especially good on the forum. As it is right now, when users log in, their username and password are transmitted in plain text over the internet, which is not very good for security. :(

Re: HTTPS?

Posted: 18 Apr 2014, 19:18
by anna
housefan111 wrote:Would it be possible for you guys to implement SSL/TLS on your server for a secure HTTPS connection?
It is probably technically possible but it would add nothing to the forum. It would be sort of having an extremely safe front door while leaving the backdoor open. I try to keep this place as safe as possible but a forum like this is not very safe anyway. Never keep personal information in your account, such as in PM or your user profile and never post anything that can identify you and you should be safe. If someone really want to gain access to your account they will find a way with or without HTTPS.

Re: HTTPS?

Posted: 18 Apr 2014, 20:51
by bound_jenny
anna wrote:Never keep personal information in your account, such as in PM or your user profile and never post anything that can identify you and you should be safe.
Exactly my thoughts. I've been following that advice (and everywhere else on the Internet) since I've been here and no one has come knocking on my door saying "You're Bound Jenny!" No one has stolen my personal information because there isn't any. My computer is protected so nobody will get it from there either.

The moral of the story is, if you don't want anyone to take your info, don't leave it lying around.

Jenny.

Re: HTTPS?

Posted: 03 Dec 2017, 04:17
by pavtron
HTTPS is more then a secure front door. I encrypt everything even on my local network. It can even be done for free. https://letsencrypt.org/

Re: HTTPS?

Posted: 03 Dec 2017, 13:08
by KinkInSpace
Agreed, and it will soon be that the major browsers will block sites that do not use HTTPS (or rather any login form). I estimate this happen 2018 or 2019, given that the more popular browsers already started to post big warnings on login forms that do not use HTTPS saying: "This site is not safe! Continue anyway?" And Google already announced that they are going to block https in the near future. When Google does that, the other major browsers will soon follow.