korider.com | Hyosung Motorcycle Owners Forum

korider.com | Hyosung Motorcycle Owners Forum

  • October 17, 2017, 04:55:17 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search

News:

Welcome to Korider.com!

Pages: [1]

Author Topic: SSL Cert  (Read 958 times)

Joss

  • Scraping the pegs
  • *****
  • Offline Offline
  • Posts: 727
    • Website
SSL Cert
« on: March 17, 2017, 09:28:42 AM »

I'm just questioning why this site hasn't decided to use an SSL cert. Its pretty much a given standard these days when using authentication. They are relatively cheap too.

Just seems a shame to run a risk of no encryption for the sake of a few pennies. I think I also remember reading that at some point browsers were going to phase out http.

*EDIT* Yep : https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
and https://www.eurodns.com/blog/https-security-for-google-chrome
« Last Edit: March 17, 2017, 09:56:50 AM by Joss »
Logged

Register and log in and the Ads below will be gone! :D

BikeBandit.com

umop-ǝpisdn

  • Global Moderator
  • Forum Addict
  • *****
  • Offline Offline
  • Posts: 6477
Re: SSL Cert
« Reply #1 on: March 18, 2017, 09:11:09 PM »

Why not send a message to skadamo and ask? He owns this site.
Logged
I used to be a sensitive, new age guy, but times have changed and now I am more of a caring, understanding, ninties type.

Joss

  • Scraping the pegs
  • *****
  • Offline Offline
  • Posts: 727
    • Website
Re: SSL Cert
« Reply #2 on: March 18, 2017, 09:21:03 PM »

Why not send a message to skadamo and ask? He owns this site.

I didnt know who was the owner, I'll send a PM their way. Thank you.
« Last Edit: March 29, 2017, 08:11:54 AM by Joss »
Logged

Joss

  • Scraping the pegs
  • *****
  • Offline Offline
  • Posts: 727
    • Website
Re: SSL Cert
« Reply #3 on: March 29, 2017, 08:11:34 AM »

PM'd skadamo on 20/03/17.

No reply.
Logged

Joss

  • Scraping the pegs
  • *****
  • Offline Offline
  • Posts: 727
    • Website
Re: SSL Cert
« Reply #4 on: May 16, 2017, 08:33:16 AM »

A quick whois revealed skadamo's gmail. I'll try again with that and see if I get any response.
Logged

skadamo

  • Location: Elgin, IL
  • Administrator
  • Forum Addict
  • *****
  • Offline Offline
  • Posts: 2573
    • http://www.korider.com
Re: SSL Cert
« Reply #5 on: May 17, 2017, 04:10:48 AM »

I'll work on this. Until then don't share credit card numbers or admit to any crimes ;)

It's less about $ and more about time and compatibility of the site with ssl.

Thanks all for contacting me, I'll get us there.
Logged
2007 GT250R

Joss

  • Scraping the pegs
  • *****
  • Offline Offline
  • Posts: 727
    • Website
Re: SSL Cert
« Reply #6 on: May 17, 2017, 08:49:37 AM »

I'll work on this. Until then don't share credit card numbers or admit to any crimes ;)

It's less about $ and more about time and compatibility of the site with ssl.

Thanks all for contacting me, I'll get us there.

The forum has no bearing on an ssl cert, the cert lies within IIS or apache (I'm guessing your using a hosting provider, they normally give you a cpanel for this). The connection with SSL is handled before any content begins to load so the only issue you will have is ensuring SMF does not have a hard coding to port 80 instead of 443. That being said, this forum is 2 revisions behind and the change notes do specify HTTPS fixes:

Quote
Also added HTTPS for avatars.

If they have HTTPS for avatars, then it will support it for login.

Also, the need for https is not about what content people are putting up, its about ensuring an end to end encryption tunnel to prevent MITM attacks. Anything you send HTTP is un-encrypted and susceptible to MITM and read in plain text. If you need any info or help skadamo I'll gladly offer it.
Logged

retryW

  • Regular rider
  • ***
  • Offline Offline
  • Posts: 102
Re: SSL Cert
« Reply #7 on: May 18, 2017, 12:44:23 AM »

^ and with how easy MITM is to do now, SSL is pretty much a necessity.
Logged

Joss

  • Scraping the pegs
  • *****
  • Offline Offline
  • Posts: 727
    • Website
Re: SSL Cert
« Reply #8 on: May 18, 2017, 08:20:48 AM »

^ and with how easy MITM is to do now, SSL is pretty much a necessity.

MITM without SSL is easy peasy. MITM with SSL is possible but it breaks the certificate chain so you see the warning in your browser to tell you the SSL cert has been modified *unless you trust the Certificate Authority breaking the chain*.

HTTP only exists to cater for legacy websites that are not going to be updated. Anything else should be HTTPS.
Logged

Joss

  • Scraping the pegs
  • *****
  • Offline Offline
  • Posts: 727
    • Website
Re: SSL Cert
« Reply #9 on: July 29, 2017, 07:17:38 PM »

Any progress?
Logged

Pages: [1]