HTTPS

Aug 29, 2015 at 2:20 PM
q3hardcore
q3hardcore
Senior Member
"Ha! Ha! Ha! Mega Man is no match for my Mimiga Man!"
Join Date: Jan 22, 2015
Location:
Posts: 249
It'd be cool if the site supported HTTPS, at least just for the signin page.
 
Sep 8, 2015 at 4:03 PM
andwhyisit
andwhyisit
Administrator
Forum Administrator
"Life begins and ends with Nu."
Join Date: Jul 15, 2007
Location: Australia
Posts: 6224
Age: 39
Pronouns: he/him
SSL certificates cost money. Unless you have an e-commerce website that takes payments onsite it generally isn't worth doing. All it does is prevent man-in-the-middle attacks, which are generally only worth the effort to hackers when credit card details are involved. Plus it should be noted that https doesn't make a site secure, it just makes http requests secure.
 
Last edited:
Sep 10, 2015 at 5:58 PM
20kdc
20kdc
Senior Member
"This is the greatest handgun ever made! You have to ask yourself, do I feel lucky?"
Join Date: Aug 2, 2014
Location: inactivity.
Posts: 115
Actually, I know of a solution to the money-related problems: "Let's Encrypt". (EDIT: A link: https://letsencrypt.org/ )
But, TBH, unless you use the same password across multiple sites it's not a problem.
 
Sep 10, 2015 at 11:21 PM
Hiino
Hiino
The Preacher
"Wacka-Wacka-Wacka-Wacka-Wacka-Wacka-Wacka-Wacka-BLEIUP"
Join Date: Feb 20, 2011
Location: lost in translation
Posts: 336
Age: 32
Pronouns: he/him
gamemanj said:
Actually, I know of a solution to the money-related problems: "Let's Encrypt". (EDIT: A link: https://letsencrypt.org/ )
But, TBH, unless you use the same password across multiple sites it's not a problem.
Click to expand...

Well that's kind of a thing a majority of users do
 
Sep 11, 2015 at 12:45 AM
andwhyisit
andwhyisit
Administrator
Forum Administrator
"Life begins and ends with Nu."
Join Date: Jul 15, 2007
Location: Australia
Posts: 6224
Age: 39
Pronouns: he/him
gamemanj said:
But, TBH, unless you use the same password across multiple sites it's not a problem.
Click to expand...
That is no less a problem with https than it is without. I must stress that https DOES NOT make a site secure, it just makes a user's connection to the site secure. And when I say connection I mean your internet connection, not your user accounts of anything related to the website. Plus it creates problems in the form of error messages if you use images that use a plain http url.
 
Last edited:
Sep 16, 2015 at 3:12 PM
20kdc
20kdc
Senior Member
"This is the greatest handgun ever made! You have to ask yourself, do I feel lucky?"
Join Date: Aug 2, 2014
Location: inactivity.
Posts: 115
andwhyisit said:
That is no less a problem with https than it is without. I must stress that https DOES NOT make a site secure, it just makes a user's connection to the site secure. And when I say connection I mean your internet connection, not your user accounts of anything related to the website. Plus it creates problems in the form of error messages if you use images that use a plain http url.
Click to expand...
I wasn't saying it makes the site magically "secure" - it certainly wouldn't prevent against bugs in the software or other nastiness - but making the connection secure is a Good Thing if there's a reason to.
Hiino said:
Well that's kind of a thing a majority of users do
Click to expand...
This is probably a good reason to use HTTPS when feasible.
(EDIT: Further explaination: If someone were to MITM between a user and the CSTSF, they could get their username + password. And if the password is shared between sites by that user, that makes a bad problem worse. HTTPS won't magic away all attack vectors, but it prevents some.)
 
Last edited:
You must log in or register to reply here.
Back
Top