# SSL Certificate



## jr0ck (Dec 12, 2010)

I'd like to request that rollitup.org get an SSL certificate for the site. We should all be using https. I would then also suggest trying to force your traffic over https using some mod_rewrite rules. 

By using https it encrypts the traffic, meaning what we are posting, our passwords, and other text on our favorite topic is not on the wire in clear text(like it is now).


----------



## chrono (Dec 12, 2010)

jr0ck said:


> I'd like to request that rollitup.org get an SSL certificate for the site. We should all be using https. I would then also suggest trying to force your traffic over https using some mod_rewrite rules.
> 
> By using https it encrypts the traffic, meaning what we are posting, our passwords, and other text on our favorite topic is not on the wire in clear text(like it is now).


Are you going to pay for it ??? and really SSL doesnt mean anymore security when a dump of the SQL can be accessed, lol, just dont post personal info, easy.


----------



## jr0ck (Dec 13, 2010)

chrono said:


> Are you going to pay for it ??? and really SSL doesnt mean anymore security when a dump of the SQL can be accessed, lol, just dont post personal info, easy.


I'm not worries about them getting what was posted. I am worried about them getting login/passwds. I would also assume that RIU is doing their due diligence to clear access logs within a reasonable timeframe. So dumping the database is not really the area I am concerned about, although, I would hope proper precautions are being taken.

I mainly use my cell phone, and laptop at coffee shops, as well as at home. It is quite easy to man in the middle attack a network by arp poisoning the gateway. Then just sit back and watch your user/password fly by in plain text. 

Whereas, if that same scenario happens, but im using https, they see nothing more than garbage because it's encrypted. Even if they catch the original key exchange, due to how RSA encryption works, it wouldnt matter.

If money is the issue, ask for donations... I would throw up a few bucks for it. Besides you can find a deal for ~11$/year.


----------



## WeedSavesLives (Apr 9, 2011)

I agree on the SSL certificate, would be nice. I dont know if its the same, but the java chats default action with the newest java is to tell people the sites not safe and to click no, and not load the java chat due to invalid or missing certificate. Admin should look at the chat as a way to keep people on the site and create ad revenue. Hunt for advertisers that provide useful services for the type of people on rollitup. Not fake pot, totally safe sites, with fast loading ads that are as unobtrusive. Work around adblock plus or provide a whitelist for its users and put text behind the ads or the corner top of the page saying "for adblock (plus) users: please support our site with unobtrusive/safe ads by downloading our whitelist for adblock). Plus a forum area for discussion of site features, give people some say, implicate code from others, etc...

My 2 cents (and then some), peace


----------



## Gastanker (Apr 9, 2011)

Just don't use important login/pass for your marijuana forum... Pretty easy fix there.

Not like a secure forum is going to protect you against those seeking the information you are posting to the public. If you don't want the public to know something I would suggest not posting it.


----------

