Page 1 of 1

Slitherine Forum should be HTTPS

Posted: Sat Apr 06, 2019 6:09 pm
by Stu2bee
I thought it was industry practice now to have all sites (especially those you login to) to be HTTPS.
Anyone here that is using an open wifi (ie hotspots) can easily have their login credentials captured. Hopefully you are not using these same credentials for anything other than this forum.
If you think I'm offbase here, please post. I was surprised to see the "Not Secure" in the browser during authentication.

Re: Slitherine Forum should be HTTPS

Posted: Sun Apr 07, 2019 11:44 am
by PeteMitchell_2
Thanks for pointing this out. I think this is a very serious topic. phpbb is possible on https, isn't it?

Re: Slitherine Forum should be HTTPS

Posted: Tue Apr 09, 2019 4:47 pm
by Stu2bee
The board could be converted to HTTPS...they already have a ssl cert for their store. Since it's the same URL I imagine it's just the process of updating the backend.

Re: Slitherine Forum should be HTTPS

Posted: Wed Apr 10, 2019 11:05 pm
by mbpopolano24
Yes please update the site

Re: Slitherine Forum should be HTTPS

Posted: Wed Apr 17, 2019 11:32 pm
by krakoburger
It's sort of absurd in 2019 for the site to not be secured.

Re: Slitherine Forum should be HTTPS

Posted: Mon Apr 22, 2019 12:14 pm
by PeteMitchell_2
Well, unfortunately it seems that nobody from Slitherine has responded to this thread yet?

Re: Slitherine Forum should be HTTPS

Posted: Mon Apr 22, 2019 12:39 pm
by zakblood
payment part is everything else isn't and not an issue for most, unless your using wifi on a unknown connection and most browsers and O/S even then, it doesn't affect, seen it on the first post, but as it's not the first one on the same subject, same answer applies

Re: Slitherine Forum should be HTTPS

Posted: Mon Apr 22, 2019 12:46 pm
by PeteMitchell_2
I see, thanks, so I guess there are no plans to migrate it then.

Re: Slitherine Forum should be HTTPS

Posted: Mon Apr 22, 2019 12:49 pm
by zakblood
no idea tbh, office is back open tomorrow and will ask, but normally on web sites, it's not needed as long as the payment part is secure, which it is

Re: Slitherine Forum should be HTTPS

Posted: Wed May 22, 2019 8:30 pm
by krakoburger
I'm not happy when I get a message that my credentials are being submitted on an in-secure log-in.

Re: Slitherine Forum should be HTTPS

Posted: Fri Jul 26, 2019 2:50 am
by Flexderection
How is it?

Re: Slitherine Forum should be HTTPS

Posted: Wed Jul 31, 2019 11:31 am
by Captain_Orso
zakblood wrote:
Mon Apr 22, 2019 12:49 pm
no idea tbh, office is back open tomorrow and will ask, but normally on web sites, it's not needed as long as the payment part is secure, which it is
I'm sorry, but this IS AN ISSUE. It's a major security issue for every person using this site.

It's not a question of someone reading PM's or such. It's a question of someone gaining access to a member's password and their email address, and using those to gain access to other information of the user.

In this day and age, having to lecture a forum admin on data security is appalling. The information is freely available on the internet a thousand times over. There is no excuse for not protecting the information of your users.

Re: Slitherine Forum should be HTTPS

Posted: Wed Jul 31, 2019 1:57 pm
by PoorOldSpike
I'm just a wargamer and know zilch about techy things, but if the problem manifests only with Wifi, can't it be solved if we plug our router directly into the PC instead of using Wifi?

Re: Slitherine Forum should be HTTPS

Posted: Fri Aug 02, 2019 12:00 am
by Captain_Orso
It's not just an issue with WiFi, but public WiFi is one of the easiest ways to snoop. But unencoded communications -- HTTP instead of HTTPS --- is like having a really crappy lock on your front door. Anyone who has a little know-how can break into your home and steal anything laying about. Using HTTPS is like putting a really good lock on your door.

And since you are using your house for discussion groups to meet and visitors have to leave a copy of their ID's in your desk, which they also have to show at the door, if someone can break in through the flimsy lock on the front door, everyone's data is in jeopardy.

Re: Slitherine Forum should be HTTPS

Posted: Mon Aug 12, 2019 8:34 am
by IainMcNeil
Our new website, releasing this week is https. It just wasn't practical to go back and do it before launching the new site.

Re: Slitherine Forum should be HTTPS

Posted: Mon Aug 12, 2019 5:02 pm
by IainMcNeil
You should all see it as https now and a little lock / secure icon!