Jump to content

Why no HTTPS for the 17th Shard?

Mestiv

By Mestiv
in 17th Shard Discussion

 Share

Recommended Posts

Mestiv

Mestiv he/him

Posted
Posted

Hey, I'm wondering, why is there no support for HTTPS connections made to 17th Shard? Sure, we don't have any credit card numbers here or sensitive information BUT! no HTTPS means, that it's easy to eavesdrop email/password information when someone is logging in, especially if someone is logging in on an open WiFi network. And let's be honest, many people use the same password on different sites, so leaking password to 17th Shard account can have severe consequences. Is there any chance to add HTTPS support to the forum?

1
  • 5 weeks later...
Ari

Ari he/him

Posted
Posted

Hey, I'm wondering, why is there no support for HTTPS connections made to 17th Shard? Sure, we don't have any credit card numbers here or sensitive information BUT! no HTTPS means, that it's easy to eavesdrop email/password information when someone is logging in, especially if someone is logging in on an open WiFi network. And let's be honest, many people use the same password on different sites, so leaking password to 17th Shard account can have severe consequences. Is there any chance to add HTTPS support to the forum?

 

You really should not be reusing a password you use for anything critical on a web forum. I understand it's impossible to never re-use passwords in general, but you have bigger problems than secure connections if you're re-using your email password somewhere where you login with your email information :)

1
Mestiv

Mestiv he/him

Posted
  • Author
Posted

You really should not be reusing a password you use for anything critical on a web forum. I understand it's impossible to never re-use passwords in general, but you have bigger problems than secure connections if you're re-using your email password somewhere where you login with your email information :)

Don't worry, I know ;) I even have two-step authentication in gmail and any other place where it is available. Still I was surprised by the lack of secure connections to the forum.

  • 2 years later...
bjmgeek

bjmgeek he/him

Posted
Posted

Especially now that LetsEncrypt is offering free certificates, it's kind of a no-brainer.  In addition, I think modern browsers will mark your site as insecure, if  you aren't using it.

Chaos

Chaos he/him

Posted
Posted
On 7/20/2018 at 2:26 PM, bjmgeek said:

Especially now that LetsEncrypt is offering free certificates, it's kind of a no-brainer.  In addition, I think modern browsers will mark your site as insecure, if  you aren't using it.

The certificate is not at all the problem, but rather compatibility with IPS and various things like that that I have not had time to sort out. I'm aware of this all and will be working on it hopefully in the next site update, but I did some testing and there was some various weirdness.

So yeah, it's super easy to have a cert, but to have the software not be pissy about it is a different story. 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...