Why no HTTPS for the 17th Shard?


Mestiv

Hey, I'm wondering, why is there no support for HTTPS connections made to 17th Shard? Sure, we don't have any credit card numbers here or sensitive information BUT! No HTTPS means that it's easy to eavesdrop on email/password information when someone is logging in, especially if someone is logging in on an open WiFi network. And let's be honest, many people use the same password on different sites, so leaking the password to a 17th Shard account can have severe consequences. Is there any chance to add HTTPS support to the forum?


  • 5 weeks later...

Hey, I'm wondering, why is there no support for HTTPS connections made to 17th Shard? Sure, we don't have any credit card numbers here or sensitive information BUT! No HTTPS means that it's easy to eavesdrop on email/password information when someone is logging in, especially if someone is logging in on an open WiFi network. And let's be honest, many people use the same password on different sites, so leaking the password to a 17th Shard account can have severe consequences. Is there any chance to add HTTPS support to the forum?

 

You really should not be reusing a password you use for anything critical on a web forum. I understand it's impossible to never re-use passwords in general, but you have bigger problems than secure connections if you're re-using your email password somewhere where you log in with your email information :)


You really should not be reusing a password you use for anything critical on a web forum. I understand it's impossible to never re-use passwords in general, but you have bigger problems than secure connections if you're re-using your email password somewhere where you log in with your email information :)

Don't worry, I know ;) I even have two-step authentication in Gmail and any other place where it is available. Still, I was surprised by the lack of secure connections to the forum.


  • 2 years later...
On 7/20/2018 at 2:26 PM, bjmgeek said:

Especially now that LetsEncrypt is offering free certificates, it's kind of a no-brainer. In addition, I think modern browsers will mark your site as insecure if you aren't using it.

The certificate is not at all the problem, but rather compatibility with IPS and various things like that that I have not had time to sort out. I'm aware of this all and will be working on it hopefully in the next site update, but I did some testing and there was some various weirdness.

So yeah, it's super easy to have a cert, but to have the software not be pissy about it is a different story. 
