https URL for this site?

  • #1048691
    Tim Kelley
    Participant

    @peterw_diy 135953 wrote:

    Tim, Henry, any chance this forum could start using an https secure URL? This is one of very few websites I visit that still requires me to use an insecure http:// address. :-(

    Thanks.

    Not sure. I’ll check with our web guy.

    What’s the advantage? Is there really a need for more security when there is no money or personal information being exchanged? How much extra work is this going to create for admins to implement?

    Remember, we’re just lowly bike advocates–not fancy pants IT folks.

    #1048700
    jrenaut
    Participant

    Have him check out Let’s Encrypt, if he hasn’t already, for free SSL certificates. It’s going to become the default pretty soon. In the next year or two I wouldn’t be surprised to see Chrome and Firefox making you click ok before you see any unencrypted web traffic at all. It works sort of like vaccinating – yes, the traffic on this site isn’t likely to need encryption, but encrypting the whole internet makes us all safer.

    Depending on your hosting, this may be something the hosting company can do for you.

    #1048710
    hozn
    Participant

    @Tim Kelley 135969 wrote:

    What’s the advantage? Is there really a need for more security when there is no money or personal information being exchanged?

    I agree with the sentiment here that it’s definitely better to enable encryption — and ideally to only allow encrypted traffic. While there’s no money or (detailed) personal information being exchanged, there are a few things that one might not want to be visible to anyone watching (e.g.) the Starbucks wifi traffic:
    – Their password. Especially if they happen to use this password for any other website.
    – Their email address. Probably is only transmitted if someone visits their profile settings page, but not out of the realm of possibility.

    #1048711
    jrenaut
    Participant

    @hozn 135986 wrote:

    – Their password. Especially if they happen to use this password for any other website.

    Though I hope none of you are doing that. KeePass+Dropbox means I have strong unique passwords for every site I ever visit, available securely on all my devices. Feel free to PM me for advice on how to do something similar.

    #1049051
    peterw_diy
    Participant

    @hozn 135986 wrote:

    there are a few things that one might not want to be visible to anyone watching (e.g.) the Starbucks wifi traffic:
    – Their password. Especially if they happen to use this password for any other website.
    – Their email address. Probably is only transmitted if someone visits their profile settings page, but not out of the realm of possibility.

    And their forum “remember me” authentication cookies. If I can just get on the same WiFi as Tim long enough for him to make one single Web request I can read his saved PMs, add that Tumblr link, change rcannnon’s avatar to a cat pic, you name it…

    #1049052
    hozn
    Participant

    Yes, good point on the cookie. You don’t even have to wait for a login, in that case … Yikes.
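
The cookie exposure raised in the posts above can be checked from a site's response headers. The following is an added example, not part of the thread or of this forum's software: it flags cookies that a browser would send over plain http, and treats a cookie with `Max-Age` or `Expires` as the persistent "remember me" kind. The cookie names and header values are constructed for illustration.

```python
# Added example: audit response headers for cookies that would travel in cleartext.

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, {attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(scheme, headers):
    """Return sorted (subject, issue) findings for one response.

    scheme  -- "http" or "https", how the page was fetched
    headers -- list of (name, value) pairs; repeated Set-Cookie is allowed
    """
    findings = set()
    has_hsts = any(n.lower() == "strict-transport-security" for n, _ in headers)
    if scheme == "http":
        findings.add(("site", "served over plain http"))
    elif not has_hsts:
        findings.add(("site", "https without Strict-Transport-Security"))
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        persistent = "expires" in attrs or "max-age" in attrs
        if "secure" not in attrs:
            kind = "persistent" if persistent else "session"
            findings.add((cookie, f"{kind} cookie without Secure"))
        if "httponly" not in attrs:
            findings.add((cookie, "cookie without HttpOnly"))
    return sorted(findings)


# Constructed sample headers; cookie names and values are made up.
BEFORE = [
    ("Set-Cookie", "forum_session=abc123; Path=/"),
    ("Set-Cookie", "forum_remember=def456; Path=/; Max-Age=31536000; HttpOnly"),
]
AFTER = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "forum_session=abc123; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "forum_remember=def456; Path=/; Max-Age=31536000; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, scheme, hdrs in (("before", "http", BEFORE), ("after", "https", AFTER)):
        print(label, audit_response(scheme, hdrs))
```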
