Announcement

Collapse
No announcement yet.

HTTPS?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #91
    I suggest that anyone sue the contact form http://www.torrent-invites.com/misc.php?do=form&fid=15

    and send this message

    Comment


    • #92
      The vBulletin hack, as far as I know, would not have been prevented by using SSL. But there's plenty of reasons to adopt SSL either way.

      Comment


      • #93
        Although not strictly necessary on a site like this, I still support the idea. As time goes on, browsers are going to start showing nag-screens about "This site is not secure" as HTTPS becomes the norm across the net. Also getting a Cert costs nothing any more thanks to letsencrypt.org (I use one myself on the seedbox. It just requires a script to keep it renewed every month. Otherwise, maintenance free).

        Comment


        • #94
          Originally posted by pyr View Post
          Although not strictly necessary on a site like this, I still support the idea. As time goes on, browsers are going to start showing nag-screens about "This site is not secure" as HTTPS becomes the norm across the net. Also getting a Cert costs nothing any more thanks to letsencrypt.org (I use one myself on the seedbox. It just requires a script to keep it renewed every month. Otherwise, maintenance free).
          How do you define "strictly necessary"? Such a formulation suggest a requirement of which only one solution exist. What are the requirements? Should we protect the privacy of our users? (This on should be obvious: YES) If so, TLS is a simple, very well-proven, stable solution that eliminates a large amount of attack vectors. And nowadays, also completely free. I argue that any site that serves dynamic and/or non-public content should always be served over TLS, not doing so is a betrayal of the privacy of its users. For example the login form on this site is (almost) unprotected from anyone wanting to snoop user credentials (yes, it does hash the password with md5, but it's trivially crackable, or you could just pass-the-hash). Private messages containing potentially sensitive information is sent over the net in clear text.

          Chrome and Firefox already shows discrete warnings for unprotected pages if a input form is present, but not otherwise (yet). Such warnings are expected to be expanded in the future to include pretty much everything.

          Comment


          • #95
            Hi!

            Might i suggest making redirect from "non SSL" connection to "SSL" connection?

            Comment


            • #96
              In my opinion every site that have some kind of private info (and personal accounts are definitely private info) should implement HTTPS.

              Comment


              • #97
                Originally posted by Garkenos View Post
                In my opinion every site that have some kind of private info (and personal accounts are definitely private info) should implement HTTPS.
                I see that HTTPS is set (you can open TI with https protocol). Just need to set redirects. :)

                Comment


                • #98
                  Originally posted by TheDarkKnightR View Post
                  I also think its time to make this happen, just to be on the safe side.
                  a bad thing and overall it feels much more jiofi.local.html tplinklogin is it down worthwhile to the members of the community, i really cant see any downside to this other than the unfortunate cost to maintain it
                  Last edited by DARKINATY; October 11, 2019, 07:43 PM.

                  Comment


                  • #99
                    Free is free. What gives you more security for free should be good for all!

                    Comment

                    Working...
                    X