1. We are currently experiencing issues with viewing and uploading images, our team is working on the issue.
    Dismiss Notice

HTTP vs HTTPS

Discussion in 'Site News' started by vostok, Jun 13, 2015.

  1.  
    vostok

    vostok Well-Known Member

    Kind of strange that this be the only popular weed site, that don't have the infamous /s after the HTTP.
    does admin ever have any intention of securing this header...?
    being that its served from some shithole outta the Caribbean...?
     
    Bbcchance, MiStUrX and Hydrotech364 like this.
  2.  
    King Arthur

    King Arthur Well-Known Member

    Good question...
     
  3.  
    strainbank

    strainbank Active Member

    might be an seo issue if they have a lot of backlinks to the http version of this website. since there are no purchases or personal info being given, im not sure how much it matters for these folks? the nsa have access to everything regardless of https.
     
    Grandpapy, esh dov ets and Posionivy like this.
  4.  
    strainbank

    strainbank Active Member

    @vostok i noticed that too, why the hell would someone block their profile? seems stupid. what issues have experienced with these people?
     
  5.  
    Cx2H

    Cx2H Well-Known Member

    #Old
    That is irrelevant, it is irresponsible to operate any site with public info databases without encryption. How easy you want to make it? Someone could start here and end in you google accounts controlling all your infos?! Encryption/HTTPS certs are free nowadays at Let's Encrypt...
    #InfoSec
     
  6.  
    see4

    see4 Well-Known Member

    Because there is no information that requires being secured. It's an open forum, all the information users provide is easily accessible without having to hack.

    I would assume that advertisers work out something with the admins "offline", and no automation or transfer of financial information is transacted or stored on a local database.

    But yea, Cx2H is right. with Let's Encrypt, you can easily add SSL to a domain with ease and no cost.
     
    Cx2H and vostok like this.
  7.  
    Bubblin

    Bubblin Well-Known Member

    If anyone here was worried about seo they would remove the www. subdomain and redirect all to non www.
    Having both = essentially having two sites with the same content. Canonical isn't always followed nor helpful 100% of the time, plus you need to log into both www. and non www separately.

    @ssl / https
    As Cx2h said, Free certs @ https://letsencrypt.org/
    It's a fairly simple install for some os's.

    FYI, ssl/https has nothing to do with database encryption or anything server side really. DB's are normally on localhost, if it's remote then it's an ip.
    It's about the transportation of data using encrypted packets. Aka shit you type here will be encrypted, text, usenames, passwords ect. Without it everything is plain text.

    imo a site like this should totally have it.
     
  8.  
    vostok

    vostok Well-Known Member

    More so after the likes of tv's Mr Robot/Christen Bale showing not all tv csi ip crime, is bullshit ??
     
    Cx2H and Bubblin like this.
  9.  
    Bubblin

    Bubblin Well-Known Member

    Great show, nutty as hell but the good kinda nutty ;)
     
    Cx2H likes this.
  10.  
    vostok

    vostok Well-Known Member

    fuckin nutty is right

    English as a 2nd language in an issue

    but I'm needing subs on this show ....lol
     
    Cx2H and Bubblin like this.
  11.  
    Bubblin

    Bubblin Well-Known Member

    I'm gonna hax your subs and replace them with subs from an 80's porn film.
     
    vostok and Cx2H like this.
  12.  
    vostok

    vostok Well-Known Member

    [​IMG]
    Found This for those that take security highly ...even those that don't

    HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications
    with many major websites, making your browsing more secure.

    Encrypt the web: Install HTTPS Everywhere today.
    https://www.eff.org/https-everywhere
     
    potpimp, choomer, xox and 3 others like this.
  13.  
    Jubilant

    Jubilant Well-Known Member

    I myself would like to see this change. It protects every user on deeper levels then "is my info I post secure" It is a protection for your connection to the actual server. Having HTTPS helps to assure against man in the middle attacks as well, which is a feature I would enjoy.
     
  14.  
    vostok

    vostok Well-Known Member

    potpimp and Cx2H like this.
  15.  
    spaceship

    spaceship Member

    RIU is behind cloudflare. And CF has a flexible SSL plan (for free).
    A real SSL certificate only costs 10$/year.
    I wonder why admins still don't care about users privacy at all.
     
    Cx2H likes this.
  16.  
    Cx2H

    Cx2H Well-Known Member

    Cloud flare also just had cloud bleed vulnerability and was dumping pID, passwords and their reputation. Again database encryption and transport encryption are no brainers here. The "Networking Team" here are late 90's with their #InfoSecNinjaSkills...

    Example ddos should not interrupt service more than a day at most to mitigate and really, as long as DNS takes to update (hours), but round these parts = week.

    Fried HD in raid strip is day max to mitigate as well with a slow repopulate.

    Database fried = as long as it takes to load fresh backup.
    #NetSec
    #OpSec
    ;-)
     
  17.  
    sunni

    sunni Administrator Staff Member

    Feel free to leave if you don't like the hard work we do here for your free website
     
    BarnBuster likes this.
  18.  
    MiStUrX

    MiStUrX Member

    You still haven't provided an answer sunni, website is not exactly free. RIU contains advertisements and sponsors selling their goods and services.
     
    Cx2H and prostheticninja like this.
  19.  
    sunni

    sunni Administrator Staff Member

    I'm not the owner of the website
    So I cannot provide answers I don't have
     
  20.  
    cool2burn

    cool2burn Well-Known Member

    It is something you as a Mod should suggest to the owners. It would make it a bit more difficult for hackers to bring the site down again. However if they really want to there is not much that can be done to stop- it. All you can do is to try and make it more difficult.
     
    Cx2H likes this.

Share This Page