Veldy (OP)
Member
Offline
Activity: 98
Merit: 10
|
|
July 05, 2011, 07:15:39 AM |
|
<eom>
|
If you have found my post helpful, please donate what you feel it is worth: 18vaZ4K62WiL6W2Qoj9AE1cerfCHRaUW4x
|
|
|
josephholsten
Newbie
Offline
Activity: 18
Merit: 0
|
|
July 07, 2011, 06:11:33 PM |
|
+1
|
|
|
|
wumpus
|
|
July 07, 2011, 06:38:45 PM |
|
+1 I don't really understand why it still supports plaintext http at all. The only use for http servers is to redirect to https The reason for this used to be because the forum used a self-signed certificate that produced scary warnings in some browsers. This was solved a while ago, though, and we could easily go full https.
|
Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
|
|
|
CanaryInTheMine
Donator
Legendary
Offline
Activity: 2352
Merit: 1060
between a rock and a block!
|
|
July 08, 2011, 12:00:57 AM |
|
With all the shenanigans with exchanges and DDOS against pools, it's only a matter of time till the forums fall victim to something... Would SSL by default help avoid "some" problems? Probably.
A cert is very inexpensive nowdays. I'm sure ppl would chip in for this purpose if we were asked to do so.
|
|
|
|
Veldy (OP)
Member
Offline
Activity: 98
Merit: 10
|
|
July 08, 2011, 12:11:56 AM |
|
With all the shenanigans with exchanges and DDOS against pools, it's only a matter of time till the forums fall victim to something... Would SSL by default help avoid "some" problems? Probably.
A cert is very inexpensive nowdays. I'm sure ppl would chip in for this purpose if we were asked to do so.
It keeps your credentials encrypted at least which makes man in the middle attacks essentially not possible [I suppose if they have the certificate and somehow change DNS records ...].
|
If you have found my post helpful, please donate what you feel it is worth: 18vaZ4K62WiL6W2Qoj9AE1cerfCHRaUW4x
|
|
|
fitty
|
|
July 08, 2011, 03:55:28 AM |
|
With all the shenanigans with exchanges and DDOS against pools, it's only a matter of time till the forums fall victim to something... Would SSL by default help avoid "some" problems? Probably.
A cert is very inexpensive nowdays. I'm sure ppl would chip in for this purpose if we were asked to do so.
Chip in? You realize the people who started BTC have 100,000s of BTC right? Wildcard cert is like $200.
|
|
|
|
CanaryInTheMine
Donator
Legendary
Offline
Activity: 2352
Merit: 1060
between a rock and a block!
|
|
July 08, 2011, 04:32:12 AM |
|
With all the shenanigans with exchanges and DDOS against pools, it's only a matter of time till the forums fall victim to something... Would SSL by default help avoid "some" problems? Probably.
A cert is very inexpensive nowdays. I'm sure ppl would chip in for this purpose if we were asked to do so.
Chip in? You realize the people who started BTC have 100,000s of BTC right? Wildcard cert is like $200. So what? If the call came, ppl would chip in. Or you can lobby these people you are talking about to pay for it. Go for it!
|
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5362
Merit: 13337
|
|
July 08, 2011, 05:47:48 AM |
|
HTTPS might increase load too much for the server to handle.
The cookies also need to be made secure. Right now you'll send them over an insecure connection if you ever visit any HTTP page even if you use HTTPS normally.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
CanaryInTheMine
Donator
Legendary
Offline
Activity: 2352
Merit: 1060
between a rock and a block!
|
|
July 08, 2011, 06:43:17 AM |
|
HTTPS might increase load too much for the server to handle.
The cookies also need to be made secure. Right now you'll send them over an insecure connection if you ever visit any HTTP page even if you use HTTPS normally.
Properly configured servers won't have any issues with SSL. Poor excuse.
|
|
|
|
wumpus
|
|
July 08, 2011, 07:56:46 AM Last edit: July 08, 2011, 08:20:00 AM by John Smith |
|
HTTPS might increase load too much for the server to handle.
You could try it out, though. I don't think the difference will be significant. Most of the work a forum server does is not related to the network but to database I/O, and secondly PHP logic generating the pages. Others, about the certificate: you don't need to "chip in" as there is already a proper certificate now. It was a problem of the past.
|
Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
|
|
|
XIU
|
|
July 08, 2011, 08:10:43 AM |
|
It does support running the forum on https, or will the login explicitly go to the http page first?
|
|
|
|
joepie91
|
|
July 08, 2011, 12:33:10 PM |
|
HTTPS might increase load too much for the server to handle.
The cookies also need to be made secure. Right now you'll send them over an insecure connection if you ever visit any HTTP page even if you use HTTPS normally.
Properly configured servers won't have any issues with SSL. Poor excuse. SSL does actually cause extra server load, even if it's just a little. For something that is under DDoS rather often (like these forums) that may be a dealbreaker.
|
Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
|
|
|
CanaryInTheMine
Donator
Legendary
Offline
Activity: 2352
Merit: 1060
between a rock and a block!
|
|
July 08, 2011, 03:20:45 PM |
|
I'm just shaking my head in dismay at you all who are coming up with excuses not to have SSL.
|
|
|
|
joepie91
|
|
July 08, 2011, 03:26:22 PM |
|
I'm just shaking my head in dismay at you all who are coming up with excuses not to have SSL.
I don't think people are specifically arguing against SSL, but rather arguing against making it the default.
|
Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
|
|
|
CanaryInTheMine
Donator
Legendary
Offline
Activity: 2352
Merit: 1060
between a rock and a block!
|
|
July 08, 2011, 03:35:50 PM |
|
I'm just shaking my head in dismay at you all who are coming up with excuses not to have SSL.
I don't think people are specifically arguing against SSL, but rather arguing against making it the default. Whatever... Just make it happen please. Let us know how we can help. Thanks.
|
|
|
|
drawoc
Full Member
Offline
Activity: 168
Merit: 100
Firstbits: 175wn
|
|
July 08, 2011, 04:15:03 PM |
|
Just to be clear to everyone reading this thread, you can already browse the forums with SSL. In the URL bar, simply add an s on the end of http, and you'll be good (Yes, they already have a cert).
The OP is about making this the default, not about adding SSL support.
|
Donate: 175WNXmJ1WVhFgVGKUqEhYtAQGRYAvqPA
|
|
|
wumpus
|
|
July 08, 2011, 05:14:54 PM |
|
I'm just shaking my head in dismay at you all who are coming up with excuses not to have SSL.
+1 no excuses, this is a cryptocurrency forum for fuck's sake, we need security by default, not after someone has exploited it already
|
Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
|
|
|
Smalleyster
Member
Offline
Activity: 84
Merit: 10
I yam what I yam. - Popeye
|
|
July 09, 2011, 05:44:40 AM |
|
I'm just shaking my head in dismay at you all who are coming up with excuses not to have SSL.
+1 no excuses, this is a cryptocurrency forum for fuck's sake, we need security by default, not after someone has exploited it already /aol on Me too! /aol off
|
|
|
|
Jack of Diamonds
|
|
July 09, 2011, 12:31:58 PM |
|
I'm just shaking my head in dismay at you all who are coming up with excuses not to have SSL.
+1 no excuses, this is a cryptocurrency forum for fuck's sake, we need security by default, not after someone has exploited it already Best one line post since the forum's inception. And true. Why does everything need to be utterly broken before it's fixed and someone admits 'more could've been done' after the fact? The worst should be assumed always, 24/7. That's not pessimism, that's realism and that's how the world works. Weakness will be always exploited.
|
1f3gHNoBodYw1LLs3ndY0UanYB1tC0lnsBec4USeYoU9AREaCH34PBeGgAR67fx
|
|
|
|