BlackLiquid Forums
Site Security - Printable Version




Site Security - Ihateforcedsignups - 11-10-2017


SSL certificates can be had for free nowadays, why do signins and signups have to send their passwords over plain text?




Site Security - CaptVader - 11-10-2017


Not like it's your bank website.  You think someone is going to hack your account here and post porn or something?




Site Security - Blinkin - 12-11-2017



The point of https isn't only protecting such data. It's (kinda) protecting privacy and such. Besides, search engines like Google will put your site higher in the results if it has https.




There shouldn't be many reasons why https wouldn't be possible. Let's Encrypt and cPanel's AutoSSL for example could do this without much hassle. If the forum software allows it, you could force https for everyone with a simple .htaccess edit by adding the following code at the top (valid SSL certificate is required):



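Code:
RewriteEngine On
# Only act on requests that arrived over plain HTTP
RewriteCond %{HTTPS} off
# Leave certificate validation paths (cPanel DCV, Comodo DCV, ACME) on HTTP
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/.+$
# Permanently redirect everything else to the same host and path over HTTPS
RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]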



I'm using Smart HTTPS to force every site with an SSL certificate to use https, these forums have been whitelisted so it keeps using http. :/
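How the rules in the post above decide which requests get redirected, as an added example that is not part of Blinkin's post: the Python below mirrors the three exemption patterns and the redirect target. The names `redirect_target`, `EXEMPT` and `run_samples`, the host `forum.example` and all sample paths are constructed for illustration.

```python
import re

# Paths the posted .htaccess leaves on plain HTTP so certificate
# validation (cPanel DCV, Comodo DCV, ACME http-01) keeps working.
EXEMPT = [
    re.compile(r"^/[0-9]+\..+\.cpaneldcv$"),
    re.compile(r"^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$"),
    re.compile(r"^/\.well-known/acme-challenge/.+$"),
]


def redirect_target(https_on, host, request_uri, query=""):
    """Return the 301 Location the rules would produce, or None when the
    request is served unchanged. All RewriteCond lines must hold:
    HTTPS is off AND no exemption pattern matches the path."""
    if https_on:
        return None
    if any(p.search(request_uri) for p in EXEMPT):
        return None
    # mod_rewrite re-appends the original query string by default.
    location = "https://" + host + request_uri
    return location + ("?" + query if query else "")


# Constructed sample requests: (https_on, host, path, query string)
SAMPLES = [
    (False, "forum.example", "/member.php", "action=login"),
    (True, "forum.example", "/member.php", "action=login"),
    (False, "forum.example", "/.well-known/acme-challenge/tokenABC", ""),
    (False, "forum.example", "/12345.forum.example.cpaneldcv", ""),
    (False, "forum.example", "/.well-known/pki-validation/" + "A" * 32 + ".txt", ""),
    # Lowercase hex does not match [A-F0-9] (no NC flag), so it is redirected.
    (False, "forum.example", "/.well-known/pki-validation/" + "a" * 32 + ".txt", ""),
]


def run_samples():
    """Evaluate every constructed request and return the decisions in order."""
    return [redirect_target(*s) for s in SAMPLES]


if __name__ == "__main__":
    for sample, target in zip(SAMPLES, run_samples()):
        print(sample[2], "->", target or "served over HTTP as-is")
```

The redirect is only issued after the plain-HTTP request has reached the server, so a login form whose action is an http:// URL has already sent the password in cleartext once; the form itself has to post to https.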




Site Security - VXL - 02-25-2018



I strongly second this request.



Given you care for your members, how come this problem hasn't been addressed yet?


Quote:
On 11/11/2017 at 3:52 AM, CaptVader said:



Not like it's your bank website.  You think someone is going to hack your account here and post porn or something?




It's quite scary how many people are still using the same login and password to register on a number of different websites, not to mention the ones leaving their email account unprotected by two-factor authentication (which potentially makes it possible for an attacker to lock out the owner from all of his/her registered websites).




No matter how hard you try to educate people about online data security and their privacy, there's still an amazingly large number of people not listening, not caring or not knowing enough to better protect themselves. When users are failing to keep themselves safe it's the duty of the service provider to take simple steps to make sure sensitive data is not at risk... Please do something about it!