Results 1 to 5 of 5

Thread: Secure HTTP site?

  1. #1

    Join Date
    Oct 2014
    Location
    Tehachapi, CA
    Posts
    219

    Secure HTTP site?

    When should we expect the eaaforum.org site to become a secure site, using https rather than http? Especially since we need to input a password to access it.

    Browsers are starting to block insecure websites - there's no excuse for having an insecure website that needs passwords to access.

  2. #2
    lnuss's Avatar
    Join Date
    Dec 2013
    Location
    Colorado
    Posts
    279
    I'm curious WHY you want the forums to be secure. Perhaps the login page, but as far as I'm concerned anyone can read anything I post here. No big deal to me...

    Larry N.

  3. #3
    Eric Page's Avatar
    Join Date
    Jul 2011
    Location
    Toledo, WA
    Posts
    315
    It has nothing to do with hiding or showing what you post to the forum, and everything to do with the security of the site itself, and of the traffic between it and its users.

    This site [The HTTPS-Only Standard] is government specific, but it explains a lot about why https has become a near requirement for all websites.
    Eric Page
    Building: Kitfox 5 Safari | Rotax 912iS | Dynon HDX
    Member: EAA Lifetime, AOPA, ALPA
    ATP: AMEL | Comm: ASEL, Glider | ATCS: CTO
    Map of Landings

  4. #4

    Join Date
    Aug 2011
    Location
    Marietta, GA
    Posts
    963
    Quote Originally Posted by Eric Page View Post
    It has nothing to do with hiding or showing what you post to the forum, and everything to do with the security of the site itself, and of the traffic between it and its users.

    This site [The HTTPS-Only Standard] is government specific, but it explains a lot about why https has become a near requirement for all websites.
    If the data between me and the EAA's forum gets hacked, what are the potential consequences? Some hacker sends me naughty pictures instead of airplane content? My posts to the forum become undecipherable after the hacker messes with them?

    I don't have a problem with *more* security, but why do I care, given the content here?

  5. #5
    FlyingRon's Avatar
    Join Date
    Aug 2011
    Location
    NC26 (Catawba, NC)
    Posts
    2,627
    It would be trivially easy and relatively cost free to put security certificates here and get https working. I've set up both vBulletin sites and the better XenForo to do so. You don't even have to buy the certificates anymore. There's a open "Let's Encrypt" source for them now. I've offered assistance to the forum folk here before, without even an acknowledgement.

    Yeah, the value of EAA is small potatoes secruity wise, but other people running vB have been severely hacked by bots, so it's just a matter of time if the administrators bury their heads in the sand and do nothing. It's particularlly problematic if people use (they really should not) the same passwords and user names on multiple sites. The "junk" user id and password I use on such inconsequential sites now shows up compromised by Googles security checks. Of course, I need to be careful because some of the forum sites I administer deal with REAL MONEY (they're tied into a several different payment processors).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •