Guest ad-ARO-ble Posted January 11, 2017

5 minutes ago, Robin said:
Well, that's true, but this is literally just a forum. Not handling sensitive information here, at least not personally identifiable ones.

Ok. ok. I'm going to ask @Blue Phoenix Ace a question that is kind of the reason that I made this thread. How are you storing passwords for this site, @Blue Phoenix Ace?

SoulWolf Posted January 11, 2017

I'm going to go out on a limb and guess that they're stored encrypted in a database, like how most forum software does it. SSL is nice to have if you access the site from public internet wifi or something, but if you just come here from your home network, and if your home network is safe, then it's not really a big deal, IMO. cPanel said at some point that they plan to include Let's Encrypt in a newer version of their host panel thingy. (I also host a forum on a different topic, and I personally am not going to bother about SSL until it literally becomes a quick "just tick one checkbox to set up" kind of deal)...

Robin Posted January 11, 2017

24 minutes ago, ad-ARO-ble said:
Ok. ok. I'm going to ask @Blue Phoenix Ace a question that is kind of the reason that I made this thread. How are you storing passwords for this site, @Blue Phoenix Ace?

Arocalypse is running on IPB. The software takes care of the passwords, not Blue Phoenix Ace. It's just a question of whether you trust this forum software to handle passwords correctly.

4 minutes ago, SoulWolf said:
I'm going to go out on a limb and guess that they're stored encrypted in a database, like how most forum software does it. SSL is nice to have if you access the site from public internet wifi or something, but if you just come here from your home network, and if your home network is safe, then it's not really a big deal, IMO. cPanel said at some point that they plan to include Let's Encrypt in a newer version of their host panel thingy. (I also host a forum on a different topic, and I personally am not going to bother about SSL until it literally becomes a quick "just tick one checkbox to set up" kind of deal)...

1. Storing passwords encrypted isn't the correct way to do things. You need to salt and hash.
2. It's actually a legit concern even if you're at home, because the routing from your home to the web server is in the clear. The question is whether it's worth it to set it up for a forum, which is low security.
3. cPanel is only the interface for web server settings. It's up to the web host to implement Let's Encrypt. The web host that Arocalypse is on does not plan to do so in the near future.

Blue Phoenix Ace Posted January 12, 2017

If you think the site is not secure enough, then don't put any sensitive information on here. It's as simple as that. Would you like me to delete your account still?

Guest ad-ARO-ble Posted January 14, 2017

Yes please

Momo Posted July 6, 2017

On 01/05/2016 at 3:26 AM, Blue Phoenix Ace said:
I'm not sure how people can get away with charging an arm and a leg for a certificate, when other people are handing them out for free. Are some SSL certificates somehow superior to others? I don't quite understand.

In short, yes. But for something like Arocalypse you only need the most basic version you can find. You can usually find something appropriate for $20-30 which is definitely more than nothing but oh well. Some of the (much) bigger hosts do offer them for free as part of your package.

On 12/01/2017 at 0:39 AM, SoulWolf said:
I also host a forum on a different topic, and I personally am not going to bother about SSL until it literally becomes a quick "just tick one checkbox to set up" kind of deal

This isn't likely to be able to happen, due to the vagaries of how SSL actually works (unless you get them from one of the bigger hosts like AWS mentioned above which are allowed to sign their own certificates)

---

I would actually be interested in this as well for a variety of reasons. If it's just a question of money, then it seems like the best counterpoint is "Well, how does one provide financial or technical aid to Arocalypse?"

SoulWolf Posted July 7, 2017

3 hours ago, Momo said:
This isn't likely to be able to happen, due to the vagaries of how SSL actually works (unless you get them from one of the bigger hosts like AWS mentioned above which are allowed to sign their own certificates)

Actually, quite recently my host upgraded some stuff, and in WHM I can select a thing called AutoSSL which just automatically gets free certificates, and renews them when they expire. It is literally just one box to tick. I think Comodo sponsors that feature, so it exists, but I guess it's up to each hosting provider to decide to enable it or not.

Blue Phoenix Ace Posted July 9, 2017

Unfortunately, it's not that simple with my web host.

SoulWolf Posted July 9, 2017

Maybe eventually all hosts will support it. I think that is the plan.

Archived
This topic is now archived and is closed to further replies.