SSL Certificate

J

jr0ck

Member
I'd like to request that rollitup.org get an SSL certificate for the site. We should all be using https. I would then also suggest trying to force your traffic over https using some mod_rewrite rules.

By using https it encrypts the traffic, meaning what we are posting, our passwords, and other text on our favorite topic is not on the wire in clear text(like it is now).
 
jr0ck said:
I'd like to request that rollitup.org get an SSL certificate for the site. We should all be using https. I would then also suggest trying to force your traffic over https using some mod_rewrite rules.

By using https it encrypts the traffic, meaning what we are posting, our passwords, and other text on our favorite topic is not on the wire in clear text(like it is now).
Click to expand...

Are you going to pay for it ??? and really SSL doesnt mean anymore security when a dump of the SQL can be accessed, lol, just dont post personal info, easy.
 
chrono said:
Are you going to pay for it ??? and really SSL doesnt mean anymore security when a dump of the SQL can be accessed, lol, just dont post personal info, easy.
Click to expand...

I'm not worries about them getting what was posted. I am worried about them getting login/passwds. I would also assume that RIU is doing their due diligence to clear access logs within a reasonable timeframe. So dumping the database is not really the area I am concerned about, although, I would hope proper precautions are being taken.

I mainly use my cell phone, and laptop at coffee shops, as well as at home. It is quite easy to man in the middle attack a network by arp poisoning the gateway. Then just sit back and watch your user/password fly by in plain text.

Whereas, if that same scenario happens, but im using https, they see nothing more than garbage because it's encrypted. Even if they catch the original key exchange, due to how RSA encryption works, it wouldnt matter.

If money is the issue, ask for donations... I would throw up a few bucks for it. Besides you can find a deal for ~11$/year.
 
I agree on the SSL certificate, would be nice. I dont know if its the same, but the java chats default action with the newest java is to tell people the sites not safe and to click no, and not load the java chat due to invalid or missing certificate. Admin should look at the chat as a way to keep people on the site and create ad revenue. Hunt for advertisers that provide useful services for the type of people on rollitup. Not fake pot, totally safe sites, with fast loading ads that are as unobtrusive. Work around adblock plus or provide a whitelist for its users and put text behind the ads or the corner top of the page saying "for adblock (plus) users: please support our site with unobtrusive/safe ads by downloading our whitelist for adblock). Plus a forum area for discussion of site features, give people some say, implicate code from others, etc...

My 2 cents (and then some), peace
 
Just don't use important login/pass for your marijuana forum... Pretty easy fix there.

Not like a secure forum is going to protect you against those seeking the information you are posting to the public. If you don't want the public to know something I would suggest not posting it.
 
You must log in or register to reply here.

Similar threads

P
Seedsman Data Breach
Replies
2
Views
658
Week4@inCharge
Week4@inCharge
Spliffy Twojoints
Chlorine and chloramine in water maybe a non-issue?
Replies
11
Views
903
Jjgrow420
Jjgrow420
hanimmal
Biden's lame duck presidency, what does the old guy have in his tank?
2 3
Replies
46
Views
4K
Offmymeds
Offmymeds
hanimmal
Kamala Harris Launches Her Campaign for President
7 8 9
Replies
173
Views
14K
compassionateExotic
compassionateExotic
Hobbes
Anyone try The Flower Mill grinder?
Replies
0
Views
415
Hobbes
Hobbes
Back
Top