Bitcoin Forum
December 10, 2016, 12:51:59 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Why is login to these forums not defaulted to HTTPS? <eom>  (Read 1684 times)
Veldy
Member
**
Offline Offline

Activity: 98



View Profile
July 05, 2011, 07:15:39 AM
 #1

<eom>

If you have found my post helpful, please donate what you feel it is worth: 18vaZ4K62WiL6W2Qoj9AE1cerfCHRaUW4x
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481374319
Hero Member
*
Offline Offline

Posts: 1481374319

View Profile Personal Message (Offline)

Ignore
1481374319
Reply with quote  #2

1481374319
Report to moderator
1481374319
Hero Member
*
Offline Offline

Posts: 1481374319

View Profile Personal Message (Offline)

Ignore
1481374319
Reply with quote  #2

1481374319
Report to moderator
1481374319
Hero Member
*
Offline Offline

Posts: 1481374319

View Profile Personal Message (Offline)

Ignore
1481374319
Reply with quote  #2

1481374319
Report to moderator
josephholsten
Newbie
*
Offline Offline

Activity: 18


yep, I'm with bitp.it


View Profile WWW
July 07, 2011, 06:11:33 PM
 #2

+1

Mine @  <http://pool.bitp.it>
Chat with us @ irc://irc.freenode.net/#bitp.it
Learn more about our pool @ <http://forum.bitcoin.org/index.php?topic=12181.0>
wumpus
Hero Member
*****
Offline Offline

Activity: 798

No Maps for These Territories


View Profile
July 07, 2011, 06:38:45 PM
 #3

+1

I don't really understand why it still supports plaintext http at all. The only use for http servers is to redirect to https Smiley

The reason for this used to be because the forum used a self-signed certificate that produced scary warnings in some browsers. This was solved a while ago, though, and we could easily go full https.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
CanaryInTheMine
Donator
Legendary
*
Offline Offline

Activity: 1526


between a rock and a block!


View Profile
July 08, 2011, 12:00:57 AM
 #4

With all the shenanigans with exchanges and DDOS against pools, it's only a matter of time till the forums fall victim to something...
Would SSL by default help avoid "some" problems?  Probably.

A cert is very inexpensive nowdays. I'm sure ppl would chip in for this purpose if we were asked to do so.

| In Default we Trust | Need gold/silver for btc? | Buy bitcoins |
Veldy
Member
**
Offline Offline

Activity: 98



View Profile
July 08, 2011, 12:11:56 AM
 #5

With all the shenanigans with exchanges and DDOS against pools, it's only a matter of time till the forums fall victim to something...
Would SSL by default help avoid "some" problems?  Probably.

A cert is very inexpensive nowdays. I'm sure ppl would chip in for this purpose if we were asked to do so.

It keeps your credentials encrypted at least which makes man in the middle attacks essentially not possible [I suppose if they have the certificate and somehow change DNS records ...].

If you have found my post helpful, please donate what you feel it is worth: 18vaZ4K62WiL6W2Qoj9AE1cerfCHRaUW4x
fitty
Full Member
***
Offline Offline

Activity: 238


View Profile
July 08, 2011, 03:55:28 AM
 #6

With all the shenanigans with exchanges and DDOS against pools, it's only a matter of time till the forums fall victim to something...
Would SSL by default help avoid "some" problems?  Probably.

A cert is very inexpensive nowdays. I'm sure ppl would chip in for this purpose if we were asked to do so.

Chip in? You realize the people who started BTC have 100,000s of BTC right? Wildcard cert is like $200.
CanaryInTheMine
Donator
Legendary
*
Offline Offline

Activity: 1526


between a rock and a block!


View Profile
July 08, 2011, 04:32:12 AM
 #7

With all the shenanigans with exchanges and DDOS against pools, it's only a matter of time till the forums fall victim to something...
Would SSL by default help avoid "some" problems?  Probably.

A cert is very inexpensive nowdays. I'm sure ppl would chip in for this purpose if we were asked to do so.

Chip in? You realize the people who started BTC have 100,000s of BTC right? Wildcard cert is like $200.


So what?  If the call came, ppl would chip in.  Or you can lobby these people you are talking about to pay for it.  Go for it!

| In Default we Trust | Need gold/silver for btc? | Buy bitcoins |
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2506


View Profile
July 08, 2011, 05:47:48 AM
 #8

HTTPS might increase load too much for the server to handle.

The cookies also need to be made secure. Right now you'll send them over an insecure connection if you ever visit any HTTP page even if you use HTTPS normally.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
CanaryInTheMine
Donator
Legendary
*
Offline Offline

Activity: 1526


between a rock and a block!


View Profile
July 08, 2011, 06:43:17 AM
 #9

HTTPS might increase load too much for the server to handle.

The cookies also need to be made secure. Right now you'll send them over an insecure connection if you ever visit any HTTP page even if you use HTTPS normally.

Properly configured servers won't have any issues with SSL. Poor excuse.

| In Default we Trust | Need gold/silver for btc? | Buy bitcoins |
wumpus
Hero Member
*****
Offline Offline

Activity: 798

No Maps for These Territories


View Profile
July 08, 2011, 07:56:46 AM
 #10

HTTPS might increase load too much for the server to handle.
You could try it out, though. I don't think the difference will be significant. Most of the work a forum server does is not related to the network but to database I/O, and secondly PHP logic generating the pages.

Others, about the certificate: you don't need to "chip in" as there is already a proper certificate now. It was a problem of the past.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
XIU
Member
**
Offline Offline

Activity: 84


View Profile
July 08, 2011, 08:10:43 AM
 #11

It does support running the forum on https, or will the login explicitly go to the http page first?

1xiuHwHk81j4TRnLuLBMvH2ctqtTsubT6
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
July 08, 2011, 12:33:10 PM
 #12

HTTPS might increase load too much for the server to handle.

The cookies also need to be made secure. Right now you'll send them over an insecure connection if you ever visit any HTTP page even if you use HTTPS normally.

Properly configured servers won't have any issues with SSL. Poor excuse.

SSL does actually cause extra server load, even if it's just a little. For something that is under DDoS rather often (like these forums) that may be a dealbreaker.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
CanaryInTheMine
Donator
Legendary
*
Offline Offline

Activity: 1526


between a rock and a block!


View Profile
July 08, 2011, 03:20:45 PM
 #13

I'm just shaking my head in dismay at you all who are coming up with excuses not to have SSL.

| In Default we Trust | Need gold/silver for btc? | Buy bitcoins |
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
July 08, 2011, 03:26:22 PM
 #14

I'm just shaking my head in dismay at you all who are coming up with excuses not to have SSL.
I don't think people are specifically arguing against SSL, but rather arguing against making it the default.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
CanaryInTheMine
Donator
Legendary
*
Offline Offline

Activity: 1526


between a rock and a block!


View Profile
July 08, 2011, 03:35:50 PM
 #15

I'm just shaking my head in dismay at you all who are coming up with excuses not to have SSL.
I don't think people are specifically arguing against SSL, but rather arguing against making it the default.
Whatever... Just make it happen please.  Let us know how we can help. Thanks.

| In Default we Trust | Need gold/silver for btc? | Buy bitcoins |
drawoc
Full Member
***
Offline Offline

Activity: 168

Firstbits: 175wn


View Profile
July 08, 2011, 04:15:03 PM
 #16

Just to be clear to everyone reading this thread, you can already browse the forums with SSL. In the URL bar, simply add an s on the end of http, and you'll be good (Yes, they already have a cert).

The OP is about making this the default, not about adding SSL support.

Donate: 175WNXmJ1WVhFgVGKUqEhYtAQGRYAvqPA
wumpus
Hero Member
*****
Offline Offline

Activity: 798

No Maps for These Territories


View Profile
July 08, 2011, 05:14:54 PM
 #17

I'm just shaking my head in dismay at you all who are coming up with excuses not to have SSL.
+1
no excuses, this is a cryptocurrency forum for fuck's sake, we need security by default, not after someone has exploited it already

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through FileBackup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
Smalleyster
Member
**
Offline Offline

Activity: 70


I yam what I yam. - Popeye


View Profile WWW
July 09, 2011, 05:44:40 AM
 #18

I'm just shaking my head in dismay at you all who are coming up with excuses not to have SSL.
+1
no excuses, this is a cryptocurrency forum for fuck's sake, we need security by default, not after someone has exploited it already

/aol on

Me too!

/aol off

Feel like investing in a Miner?:
http://bitcointalk.org/index.php?topic=30044.msg377773#msg377773
A soup to nuts newbee system for a secure, portable USB wallet (free instructions):
NoobHowTo: http://bitcointalk.org/index.php?topic=27088.msg341387#msg341387
Jack of Diamonds
Sr. Member
****
Offline Offline

Activity: 252



View Profile
July 09, 2011, 12:31:58 PM
 #19

I'm just shaking my head in dismay at you all who are coming up with excuses not to have SSL.
+1
no excuses, this is a cryptocurrency forum for fuck's sake, we need security by default, not after someone has exploited it already

Best one line post since the forum's inception. And true.

Why does everything need to be utterly broken before it's fixed and someone admits 'more could've been done' after the fact?

The worst should be assumed always, 24/7.
That's not pessimism, that's realism and that's how the world works. Weakness will be always exploited.

1f3gHNoBodYw1LLs3ndY0UanYB1tC0lnsBec4USeYoU9AREaCH34PBeGgAR67fx
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!