Bitcoin Forum
Topic: HSTS implementation to improve HTTPS in bitcointalk
rme
November 23, 2013, 10:28:19 PM
 #1

I know I have suggested this two times but I consider it necessary.



Please enable HSTS to avoid sslstrip or a MITM replacing the http page.
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

With PHP, check if the page is being served in HTTP; if so, redirect to HTTPS.
In HTTPS set the HSTS header:
Code:
header("strict-transport-security: max-age=31536000");
(Example implementation in PHP).

That tells the browser to only use the HTTPS version of bitcointalk.org for a year (31536000 seconds).
So, my browser will go directly to https even if I have no internet connection.
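
The redirect-then-header procedure from the post above, written out as an added example (not part of the original post and not the forum's own code). `CANONICAL_HOST` and the function names are assumptions for this sketch, and it assumes PHP itself sees the TLS connection; behind a TLS-terminating proxy `$_SERVER['HTTPS']` is not set and the scheme check has to use whatever the proxy provides.

```php
<?php
// Added example. CANONICAL_HOST and the function names are assumptions.
const CANONICAL_HOST = 'bitcointalk.org';
const HSTS_MAX_AGE   = 31536000; // one year, the value from the post

/** True when the request arrived over TLS (direct connection, no proxy). */
function request_is_https(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

/**
 * Decide the transport response for a request.
 * Returns [status, headers]; status 0 means "continue rendering the page".
 */
function transport_policy(array $server): array
{
    if (!request_is_https($server)) {
        // Build the target from a fixed host, never from the client's
        // Host header, so the redirect cannot point at another site.
        $uri = $server['REQUEST_URI'] ?? '/';
        if ($uri === '' || $uri[0] !== '/' || preg_match('/[\r\n]/', $uri)) {
            $uri = '/';
        }
        // No HSTS header here: browsers ignore it on plain HTTP responses.
        return [301, ['Location: https://' . CANONICAL_HOST . $uri]];
    }
    // Over HTTPS, send the header on every response so the year restarts.
    return [0, ['Strict-Transport-Security: max-age=' . HSTS_MAX_AGE]];
}

// Apply the decision when served by a web server (skipped on the CLI).
if (PHP_SAPI !== 'cli') {
    [$status, $headers] = transport_policy($_SERVER);
    if ($status !== 0) {
        http_response_code($status); // set 301 before the Location header
    }
    foreach ($headers as $h) {
        header($h);
    }
    if ($status !== 0) {
        exit; // nothing but the redirect is sent over plain HTTP
    }
}
```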
rme
November 24, 2013, 10:58:05 AM
 #2

Up