Why no HTTPS?

Derstn · Dec 14, 2016

Why is this NOT using SSL in this day and age? There are user credentials being passed in plain text since the connection to the site is not encrypted.

Please tell me that the passwords are salted and only hashes are stored in the DB.

MickeyDubs · Dec 15, 2016

Derstn said:
Why is this NOT using SSL in this day and age? There are user credentials being passed in plain text since the connection to the site is not encrypted.

Please tell me that the passwords are salted and only hashes are stored in the DB.

SSL certification costs money...

All you're sending is your password for this website. Unless you use the same password on car forums as your bank account / credit card accounts then the password alone doesn't mean anything...

And even then, someone needs to be monitoring your internet traffic- which, if that's the case, I doubt this forum is the most of your worries.

chokesmaster · Dec 15, 2016

MickeyDubs said:
SSL certification costs money...

All you're sending is your password for this website. Unless you use the same password on car forums as your bank account / credit card accounts then the password alone doesn't mean anything...

And even then, someone needs to be monitoring your internet traffic- which, if that's the case, I doubt this forum is the most of your worries.

Wildcard SSL certificates are 60$/year so it is not expensive at all considering the revenue this site can have. It's just a bit trickier to setup on a forum like this. But that should not keep the admin to enable SSL.

Derstn · Dec 16, 2016

MickeyDubs said:
SSL certification costs money...

All you're sending is your password for this website. Unless you use the same password on car forums as your bank account / credit card accounts then the password alone doesn't mean anything...

And even then, someone needs to be monitoring your internet traffic- which, if that's the case, I doubt this forum is the most of your worries.

The cost for a single domain cert is next to nothing. Wildcards are expensive. The issue comes from passing credentials at all in plain text. It's a best practice to encrypt any authentication requests.

Really, it's not just about the password I use for this site, it's about the principle of encrypting authentication period. It's becoming an industry standard and should be implemented as soon as a web host is brought up.

Derstn · Dec 16, 2016

chokesmaster said:
Wildcard SSL certificates are 60$/year so it is not expensive at all considering the revenue this site can have. It's just a bit trickier to setup on a forum like this. But that should not keep the admin to enable SSL.

There aren't even subdomains. It's one domain cert, which can be had for 10 bucks a year. I'm sure the ads on every page have covered that this week alone.

Boz · Dec 16, 2016

Hmmm...

Now I have an excuse if I start posting really stupid things here. It wasn't me...somebody decided to hack an internet forum and steal my password!

Maybe I'm not even posting this message!? Or AM I!? Who knows!?

Why no HTTPS?

Derstn

Member

MickeyDubs

Senior Member

chokesmaster

Senior Member

Derstn

Member

Derstn

Member

Boz

Senior Member

Similar threads