Redirect HTTPS to HTTP for this forum?
Can't hurt.
|
SSL certificates cost money.
|
There are a few places where you can get them for free.
https://www.startssl.com/Support?v=1
https://letsencrypt.org/
But a simple re-direct from HTTPS to HTTP would be cool (which is also free) |
There is absolutely NO REASON to have this site on HTTPS!!
Nothing private here........ All you do is cause potential connection problems FOR NO REASON!! |
I resurrect this thread because I was just about to start a new thread and ask why the forum has no https... In fact, attempting to connect via https results in an error page for me.
While I agree with the previous poster that there is nothing really private on this forum, I believe that https should be best practice today for anything that involves a login procedure. Protecting your credentials should IMHO be taken seriously these days. Are there any plans to offer https in the future? Best, gecko |
Quote:
His last visit here was on 13 July 2016, six months ago. |
Quote:
The computationally expensive part of HTTPS is the initial negotiation. After that, it's cheap. And you want that to protect passwords anyway. It's impractical at best to attempt to securely request or submit passwords over HTTP. Any counterarguments probably addressed here. |
Whoops. Meant to quote/dispute
Quote:
|
Why?
Quote:
I disagree with the original poster. This would hurt, since users would get a false sense of security without any benefit. Bill |
Quote:
"Redirect HTTP to HTTPS for this forum?" There is NO reason to put a reg site like this on HTTPS!! |
Ya I just noticed they said the same thing twice...... (They are confused.... They meant to say HTTP TO HTTPS (The other doesn't make any sense @ all))
|
The only valid reason I could see for doing this would be to secure user credentials against interception, which is a somewhat valid concern, but perhaps not enough to justify the additional complexity, cost, and overhead of maintaining an HTTPS version of the site, and in particular forcing/redirecting users to that version — which as others have pointed out would potentially create needless connectivity issues.
Ultimately like any security assessment it comes down to the actual threat and risk we're talking about. As long as you're following best security practices and not reusing the same password everywhere (and password reuse is a very bad idea even if a site is fully SSL-protected), there's very little that an attacker is going to get from having your EMD password. Basically, they can compromise your account and impersonate you on these forums, read your private messages, and obtain your email address. How much of an issue that is for you really depends on what sort of things you're doing on these forums — if you're exchanging confidential information via the PM system, then perhaps you have something to be concerned about, but it's probably safe to say that most users aren't doing that. Personally, I think most hackers have better things to do with their resources than target EMD profiles, especially on a per-user basis. There's just nothing of sufficient value here to make it worth anybody's time and effort. Frankly, if I wanted to pick at nits, I'd be more concerned that EMD is still running considerably older versions of Apache (2.2.24 circa 2013), PHP (5.2.17, circa 2011), and vBulletin 3.6.12 (assuming PL2, circa 2009). That said, I'm not even that concerned about these, since with the exception of Apache, these are the latest patch releases for those streams. However, there are still known vulnerabilities in those as well that make a desire for SSL securing the transmission channels even less relevant by comparison. |
It should always be https nowadays. This is one of the few places without it. I'm pretty sure we won't see much effort here due to the falling interest overall.
I've been using a VPN service for years and am not concerned about an EMD breach at my end. And like someone else mentioned, we are low priority. I would hate to see my many year account hacked. |
Copyright EmailDiscussions.com 1998-2022. All Rights Reserved.