Posts: 89
Threads: 1
Joined: Jun 2018
Reputation:
8
So Google Chrome keeps reminding me that WRC is not secure.
For the security of you and your members have you considered installing an SSL certificate?
Posts: 4,927
Threads: 155
Joined: Aug 2014
Reputation:
127
We have. We're going through the logistics now actually
Posts: 89
Threads: 1
Joined: Jun 2018
Reputation:
8
(11-21-2018, 07:21 PM)Spokes Wrote: We have. We're going through the logistics now actually
Cool, good to know. thanks
Posts: 4,406
Threads: 1
Joined: May 2015
Reputation:
189
(11-21-2018, 07:21 PM)Spokes Wrote: We have. We're going through the logistics now actually
Let’s Encrypt, or something more complicated?
Posts: 4,927
Threads: 155
Joined: Aug 2014
Reputation:
127
That was one option we were looking at, but Taylortbb has been offering some really good suggestions of some paid alternatives that are still very reasonably priced
Posts: 89
Threads: 1
Joined: Jun 2018
Reputation:
8
sooo... curious, any update on this? Been a while
Posts: 4,927
Threads: 155
Joined: Aug 2014
Reputation:
127
No. Unfortunately not. It's on my list but sadly it's a long list and it's been a busy few months.
It's going to happen
Posts: 6,905
Threads: 32
Joined: Oct 2014
Reputation:
224
Just wondering, what would this do for the forum? It's a public forum and everything we post is available to anyone in a browser.
Posts: 4,927
Threads: 155
Joined: Aug 2014
Reputation:
127
There are a few members who could explain it way way way better than I, so I think I'll defer to them.
Posts: 89
Threads: 1
Joined: Jun 2018
Reputation:
8
Not really about publicly available information on the forum, more about the data that's being transmitted -
https://blog.mozilla.org/security/2017/0...cure-http/
Quote:HTTPS helps keep you safe from eavesdropping and tampering when doing everything from online banking to communicating with your friends. This is important because over a regular HTTP connection, someone else on the network can read or modify the website before you see it, putting you at risk.
Posts: 581
Threads: 2
Joined: Oct 2017
Reputation:
26
(02-19-2019, 07:09 PM)Canard Wrote: Just wondering, what would this do for the forum? It's a public forum and everything we post is available to anyone in a browser.
First off, it would be nice if my login password is not transmitted in plain text. If my computer was connected to the same network as you when you logged in, I could find out what the password you used for the site is when you hit login within two seconds with the appropriate software loaded on my laptop. This is a bad thing if you use the same password on other sites, such as your banking or email account. (Which a lot of people tend to do).
Secondly, HTTP at this point should be considered "legacy" technology. Back in the infancy of the world wide web, I understand why no one outside of banks used it, due to the increased overhead of encrypting data, as processors of that era was not that fast (The first time I accessed a WWW page was on a computer with a 33 Megahertz processor and 4 megabytes of RAM). Nowadays that's a non-issue with the speeds of modern computers.
And thirdly, with programs like Let's Encrypt out there, there is no real reason not to as you can get a basic SSL certificate for free as long as you have a supported web provider or are renting a Linux or Windows VPS to host the page. (However it looks like GoDaddy is hosting this site based on the IP though, and they won't support Let's Encrypt as it competes with their own SSL Cert business)
Posts: 10,499
Threads: 66
Joined: Sep 2014
Reputation:
330
(02-19-2019, 08:39 PM)bgb_ca Wrote: And thirdly, with programs like Let's Encrypt out there, there is no real reason not to as you can get a basic SSL certificate for free as long as you have a supported web provider or are renting a Linux or Windows VPS to host the page. (However it looks like GoDaddy is hosting this site based on the IP though, and they won't support Let's Encrypt as it competes with their own SSL Cert business)
GoDaddy SSL certificates are only C$12 for the first year, and C$100 thereafter, so not expensive there, either. Comodo InstantSSL is only $21/year from namecheap.com.
Posts: 2,009
Threads: 18
Joined: Aug 2014
Reputation:
46
(02-19-2019, 09:00 PM)tomh009 Wrote: (02-19-2019, 08:39 PM)bgb_ca Wrote: And thirdly, with programs like Let's Encrypt out there, there is no real reason not to as you can get a basic SSL certificate for free as long as you have a supported web provider or are renting a Linux or Windows VPS to host the page. (However it looks like GoDaddy is hosting this site based on the IP though, and they won't support Let's Encrypt as it competes with their own SSL Cert business)
GoDaddy SSL certificates are only C$12 for the first year, and C$100 thereafter, so not expensive there, either. Comodo InstantSSL is only $21/year from namecheap.com.
Not super expensive but a lot more than $0 for the same service...
Posts: 10,499
Threads: 66
Joined: Sep 2014
Reputation:
330
(02-20-2019, 01:18 AM)plam Wrote: (02-19-2019, 09:00 PM)tomh009 Wrote: GoDaddy SSL certificates are only C$12 for the first year, and C$100 thereafter, so not expensive there, either. Comodo InstantSSL is only $21/year from namecheap.com.
Not super expensive but a lot more than $0 for the same service...
They do cost an infinite percentage more. But if they are not supported, Let's Encrypt certificates are not really relevant.
Posts: 2,009
Threads: 18
Joined: Aug 2014
Reputation:
46
(02-20-2019, 02:47 PM)tomh009 Wrote: (02-20-2019, 01:18 AM)plam Wrote: Not super expensive but a lot more than $0 for the same service...
They do cost an infinite percentage more. But if they are not supported, Let's Encrypt certificates are not really relevant.
I'd be happy to help migrate the site away from GoDaddy.
|