Bitcoin Forum
Author Topic: HSTS implementation to improve HTTPS in bitcointalk  (Read 496 times)
rme (OP)
November 23, 2013, 10:28:19 PM
 #1

I know I have suggested this two times but I consider it necessary.



Please enable HSTS to avoid sslstrip or a MITM replacing the http page.
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

With PHP, check if the page is being served over HTTP; if so, redirect to HTTPS.
In HTTPS set the HSTS header:
Code:
header("strict-transport-security: max-age=31536000");
(Example implementation in PHP).

That tells the browser to only use the HTTPS version of bitcointalk.org for a year (31536000 seconds).
So, my browser will go directly to https even if I have no internet connection.
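
The check-and-redirect logic described in the post above, as an added example that is not part of the original post and is not bitcointalk.org or SMF code. The function names are hypothetical, and it assumes the web server itself sets `$_SERVER['HTTPS']` (no TLS-terminating proxy in front of PHP).

```php
<?php
// Added illustration. Function names are hypothetical; host and max-age come from the post.
const CANONICAL_HOST = 'bitcointalk.org';
const HSTS_MAX_AGE   = 31536000; // one year, in seconds
// Decide what to send for a request. Returns [status, headers]; status 0 means "no redirect".
function transport_policy(array $server): array
{
    // Assumption: PHP sees TLS directly, so the server sets HTTPS to a non-"off" value.
    $https = !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
    if ($https) {
        // Browsers ignore this header on plain HTTP, so send it only here.
        return [0, ['Strict-Transport-Security: max-age=' . HSTS_MAX_AGE]];
    }
    // Plain HTTP: redirect to a fixed host instead of echoing the client's
    // Host header, and accept only an origin-form path.
    $uri = (string)($server['REQUEST_URI'] ?? '/');
    if ($uri === '' || $uri[0] !== '/' || strpbrk($uri, "\r\n") !== false) {
        $uri = '/';
    }
    return [301, ['Location: https://' . CANONICAL_HOST . $uri]];
}

// Call before any output is sent.
function apply_transport_policy(): void
{
    [$status, $headers] = transport_policy($_SERVER);
    foreach ($headers as $h) {
        header($h);
    }
    if ($status !== 0) {
        http_response_code($status);
        exit;
    }
}

if (PHP_SAPI === 'cli') {
    // Constructed sample requests, so the decision can be inspected offline.
    $samples = [
        ['REQUEST_URI' => '/index.php?topic=1'],                      // plain HTTP
        ['HTTPS' => 'on', 'REQUEST_URI' => '/index.php?topic=1'],     // HTTPS
        ['HTTPS' => 'off', 'REQUEST_URI' => 'http://other.example/'], // not a path
    ];
    foreach ($samples as $s) {
        [$status, $headers] = transport_policy($s);
        echo $status, ' ', implode('; ', $headers), PHP_EOL;
    }
} else {
    apply_transport_policy();
}
```

The header only takes effect once a browser has received it over a valid HTTPS connection, so a first visit made over plain HTTP is not yet covered by it.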
rme (OP)
November 24, 2013, 10:58:05 AM
 #2

Up