Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: Veldy on July 05, 2011, 07:15:39 AM



Title: Why is login to these forums not defaulted to HTTPS? <eom>
Post by: Veldy on July 05, 2011, 07:15:39 AM
<eom>


Title: Re: Why is login to these forums not defaulted to HTTPS? <eom>
Post by: josephholsten on July 07, 2011, 06:11:33 PM
+1


Title: Re: Why is login to these forums not defaulted to HTTPS? <eom>
Post by: wumpus on July 07, 2011, 06:38:45 PM
+1

I don't really understand why it still supports plaintext http at all. The only use for http servers is to redirect to https :)

The reason for this used to be because the forum used a self-signed certificate that produced scary warnings in some browsers. This was solved a while ago, though, and we could easily go full https.


Title: Re: Why is login to these forums not defaulted to HTTPS? <eom>
Post by: CanaryInTheMine on July 08, 2011, 12:00:57 AM
With all the shenanigans with exchanges and DDOS against pools, it's only a matter of time till the forums fall victim to something...
Would SSL by default help avoid "some" problems?  Probably.

A cert is very inexpensive nowadays. I'm sure ppl would chip in for this purpose if we were asked to do so.


Title: Re: Why is login to these forums not defaulted to HTTPS? <eom>
Post by: Veldy on July 08, 2011, 12:11:56 AM
With all the shenanigans with exchanges and DDOS against pools, it's only a matter of time till the forums fall victim to something...
Would SSL by default help avoid "some" problems?  Probably.

A cert is very inexpensive nowadays. I'm sure ppl would chip in for this purpose if we were asked to do so.

It keeps your credentials encrypted at least which makes man in the middle attacks essentially not possible [I suppose if they have the certificate and somehow change DNS records ...].


Title: Re: Why is login to these forums not defaulted to HTTPS? <eom>
Post by: fitty on July 08, 2011, 03:55:28 AM
With all the shenanigans with exchanges and DDOS against pools, it's only a matter of time till the forums fall victim to something...
Would SSL by default help avoid "some" problems?  Probably.

A cert is very inexpensive nowadays. I'm sure ppl would chip in for this purpose if we were asked to do so.

Chip in? You realize the people who started BTC have 100,000s of BTC right? Wildcard cert is like $200.


Title: Re: Why is login to these forums not defaulted to HTTPS? <eom>
Post by: CanaryInTheMine on July 08, 2011, 04:32:12 AM
With all the shenanigans with exchanges and DDOS against pools, it's only a matter of time till the forums fall victim to something...
Would SSL by default help avoid "some" problems?  Probably.

A cert is very inexpensive nowadays. I'm sure ppl would chip in for this purpose if we were asked to do so.

Chip in? You realize the people who started BTC have 100,000s of BTC right? Wildcard cert is like $200.


So what?  If the call came, ppl would chip in.  Or you can lobby these people you are talking about to pay for it.  Go for it!


Title: Re: Why is login to these forums not defaulted to HTTPS? <eom>
Post by: theymos on July 08, 2011, 05:47:48 AM
HTTPS might increase load too much for the server to handle.

The cookies also need to be made secure. Right now you'll send them over an insecure connection if you ever visit any HTTP page even if you use HTTPS normally.
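
[Added example, not part of the original thread or the forum's own code: a simplified model of the cookie behaviour described in the post above, showing that a session cookie set without the Secure attribute is attached to plaintext HTTP requests, plus a small audit of Set-Cookie headers. The cookie name, values and forum.example URLs are constructed; Domain, Path and expiry matching are deliberately not modelled.]

```python
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def cookies_sent(set_cookie_headers, url):
    """Names of stored cookies a browser would attach to a request for url.
    Simplified: only the Secure attribute is modelled."""
    scheme = urlsplit(url).scheme.lower()
    sent = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if "secure" in attrs and scheme != "https":
            continue  # Secure cookies are withheld from plaintext requests
        sent.append(name)
    return sent

def audit(set_cookie_headers):
    """Return {cookie name: [missing attributes]} for Secure/HttpOnly."""
    findings = {}
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        missing = [a for a in ("secure", "httponly") if a not in attrs]
        if missing:
            findings[name] = missing
    return findings

# Constructed sample headers (cookie name and value are made up)
BEFORE = ["FORUMSESSID=abc123; Path=/; HttpOnly"]
AFTER = ["FORUMSESSID=abc123; Path=/; Secure; HttpOnly"]
HTTP_URL = "http://forum.example/index.php"
HTTPS_URL = "https://forum.example/index.php"

if __name__ == "__main__":
    for label, jar in (("before", BEFORE), ("after", AFTER)):
        print(label, "http:", cookies_sent(jar, HTTP_URL),
              "https:", cookies_sent(jar, HTTPS_URL), "audit:", audit(jar))
```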


Title: Re: Why is login to these forums not defaulted to HTTPS? <eom>
Post by: CanaryInTheMine on July 08, 2011, 06:43:17 AM
HTTPS might increase load too much for the server to handle.

The cookies also need to be made secure. Right now you'll send them over an insecure connection if you ever visit any HTTP page even if you use HTTPS normally.

Properly configured servers won't have any issues with SSL. Poor excuse.


Title: Re: Why is login to these forums not defaulted to HTTPS? <eom>
Post by: wumpus on July 08, 2011, 07:56:46 AM
HTTPS might increase load too much for the server to handle.
You could try it out, though. I don't think the difference will be significant. Most of the work a forum server does is not related to the network but to database I/O, and secondly PHP logic generating the pages.

Others, about the certificate: you don't need to "chip in" as there is already a proper certificate now. It was a problem of the past.


Title: Re: Why is login to these forums not defaulted to HTTPS? <eom>
Post by: XIU on July 08, 2011, 08:10:43 AM
It does support running the forum on https, or will the login explicitly go to the http page first?


Title: Re: Why is login to these forums not defaulted to HTTPS? <eom>
Post by: joepie91 on July 08, 2011, 12:33:10 PM
HTTPS might increase load too much for the server to handle.

The cookies also need to be made secure. Right now you'll send them over an insecure connection if you ever visit any HTTP page even if you use HTTPS normally.

Properly configured servers won't have any issues with SSL. Poor excuse.

SSL does actually cause extra server load, even if it's just a little. For something that is under DDoS rather often (like these forums) that may be a dealbreaker.


Title: Re: Why is login to these forums not defaulted to HTTPS? <eom>
Post by: CanaryInTheMine on July 08, 2011, 03:20:45 PM
I'm just shaking my head in dismay at you all who are coming up with excuses not to have SSL.


Title: Re: Why is login to these forums not defaulted to HTTPS? <eom>
Post by: joepie91 on July 08, 2011, 03:26:22 PM
I'm just shaking my head in dismay at you all who are coming up with excuses not to have SSL.
I don't think people are specifically arguing against SSL, but rather arguing against making it the default.


Title: Re: Why is login to these forums not defaulted to HTTPS? <eom>
Post by: CanaryInTheMine on July 08, 2011, 03:35:50 PM
I'm just shaking my head in dismay at you all who are coming up with excuses not to have SSL.
I don't think people are specifically arguing against SSL, but rather arguing against making it the default.
Whatever... Just make it happen please.  Let us know how we can help. Thanks.


Title: Re: Why is login to these forums not defaulted to HTTPS? <eom>
Post by: drawoc on July 08, 2011, 04:15:03 PM
Just to be clear to everyone reading this thread, you can already browse the forums with SSL. In the URL bar, simply add an s on the end of http, and you'll be good (Yes, they already have a cert).

The OP is about making this the default, not about adding SSL support.


Title: Re: Why is login to these forums not defaulted to HTTPS? <eom>
Post by: wumpus on July 08, 2011, 05:14:54 PM
I'm just shaking my head in dismay at you all who are coming up with excuses not to have SSL.
+1
no excuses, this is a cryptocurrency forum for fuck's sake, we need security by default, not after someone has exploited it already


Title: Re: Why is login to these forums not defaulted to HTTPS? <eom>
Post by: Smalleyster on July 09, 2011, 05:44:40 AM
I'm just shaking my head in dismay at you all who are coming up with excuses not to have SSL.
+1
no excuses, this is a cryptocurrency forum for fuck's sake, we need security by default, not after someone has exploited it already

/aol on

Me too!

/aol off


Title: Re: Why is login to these forums not defaulted to HTTPS? <eom>
Post by: Jack of Diamonds on July 09, 2011, 12:31:58 PM
I'm just shaking my head in dismay at you all who are coming up with excuses not to have SSL.
+1
no excuses, this is a cryptocurrency forum for fuck's sake, we need security by default, not after someone has exploited it already

Best one line post since the forum's inception. And true.

Why does everything need to be utterly broken before it's fixed and someone admits 'more could've been done' after the fact?

The worst should be assumed always, 24/7.
That's not pessimism, that's realism and that's how the world works. Weakness will always be exploited.