HTTP vs HTTPS

Discussion in 'Site News' started by vostok, Jun 13, 2015.

  1.  
    sunni

    sunni Administrator Staff Member

    We have and I'm sure he has considered it
     
  2.  
    Michael Huntherz

    Michael Huntherz Well-Known Member

    Mods, owners, please check out letsencrypt.org - free https security certificates, trivial to obtain. Totally legit.

    I would volunteer my time to help y'all install it. I almost didn't come back to RIU because it makes me so uncomfortable. I love too many people here to stay away, I guess.

    Currently, anyone with rudimentary hacking skills can see an RIU user's password in plaintext when they log into the site via public wifi, for instance. They may not mean to target RIU or users here, but when script kiddies see unencrypted logins on the wire they swarm like flies on shit. Them's just facts.
     
    Last edited: Sep 27, 2017
  3.  
    Bubblin

    Bubblin Well-Known Member

    This ^
    If the site owners or mods had any idea how stupid it actually is to run a site like this w/o https, they'd walk in traffic...

    The only thing users can do in the meantime is make sure they're using a different password for RIU, because like Michael H said, sites like this w/o https get farmed for logins, :arrow: and more often than not those logins will work elsewhere...
     
    vostok and Michael Huntherz like this.
  4.  
    cannetix Inc

    cannetix Inc Well-Known Member

    Just so you know, HTTPS everywhere does not make non-HTTPS connections HTTPS encrypted, it simply enforces HTTPS on web servers that have it enabled. Many web servers have both an HTTP and HTTPS version for back compatibility reasons so sometimes you can accidentally end up on an open connection. HTTPS everywhere prevents this and only this. If RIUs servers don't have the capability to handle HTTPS, which they don't appear to, attempting to "enforce" it will simply result in an error. The server would just see it as "jibberish". In the case of the "HTTPS everywhere" extension, it will just default to an HTTP connection.
     
    Michael Huntherz, vostok and Bubblin like this.
  5.  
    cannetix Inc

    cannetix Inc Well-Known Member

    But yes, I agree, I would very much like to see HTTPS encryption. It's not just about personal data, its just best common practice to use HTTPS. Once your password is exposed on one-site, if it is re-used on another site security is exponentially reduced.
     
    Michael Huntherz, Bubblin and Cx2H like this.
  6.  
    see4

    see4 Well-Known Member

    It's pretty easy to convert to https, using letsencrypt, and cloudflare has ways to implement it pretty easily.
     
    Cx2H and curious2garden like this.
  7.  
    Admin

    Admin Administrator Staff Member

    added forced SSL today
     
  8.  
    BleedsGreen

    BleedsGreen Well-Known Member

  9.  
    Michael Huntherz

    Michael Huntherz Well-Known Member

    I am so very very happy about this! Thank you!
     
  10.  
    HydroRed

    HydroRed Well-Known Member

  11.  
    Potmetal

    Potmetal Well-Known Member

    Sweet!
     
  12.  
    greencropper

    greencropper Well-Known Member

    when i try to upload a pic i get warning now that data is being sent over an insecure connection?, and even when i proceed against the warning the pic does not upload?
     
  13.  
    Michael Huntherz

    Michael Huntherz Well-Known Member

    They are working on it, it can be complex depending on one’s existing infrastructure and code. Y’all holler at me if you need help, RIU team.
     
    greencropper likes this.
  14.  
    Observe & Report

    Observe & Report Well-Known Member

    TLS has worked for reading for a few months but posting has been broken.
     
    vostok and Michael Huntherz like this.
  15.  
    vostok

    vostok Well-Known Member

    Big Thanks

    This end
     
    Michael Huntherz likes this.

Share This Page