Guest ad-ARO-ble

SSL?


Guest ad-ARO-ble

Would it be possible to allow an SSL version of the site (i.e., encrypt data)?

Currently the SSL certificate for the https site is for lunarbreeze.com for some reason.

With Let's Encrypt a certificate wouldn't cost, and would allow better security for everyone on the site.


I thought about making a post on this, but I didn't really know enough about it... Only really came across it because it could be a way to bypass my school's block on the site, so...


It actually isn't free. My web host won't install an SSL certificate unless I have a dedicated IP address. That would cost me another 5 bucks per month. :(

  • Like 2


I think this would be important if we were running a store front and accepting payments, but we aren't. What kind of concerns do you have with missing SSL here?

  • Like 1


Seems overkill for a forum on which we are anonymous

Guest ad-ARO-ble

Just having passwords feels like grounds enough to use SSL tbh.

It sucks that your web host doesn't give dedicated IPs; I would have thought that would be standard.

16 hours ago, ad-ARO-ble said:

Just having passwords feels like grounds enough to use SSL tbh.

It sucks that your web host doesn't give dedicated IPs; I would have thought that would be standard.

So you should use a password that you don't use on any other site

3 hours ago, Robin said:

So you should use a password that you don't use on any other site

I guess it was a good idea not to cop out and use the same one for this site/AVEN as I do for a bunch of other sites then... :P

  • Like 1


Wow, I never realized how expensive SSL certificates are until I searched just now. That's horrifying.

  • Like 1

3 hours ago, Blue Phoenix Ace said:

That's generally good advice for any internet user. :)

Yeah... I generally use a similar password for sites I don't care about (like weird internet games) because I don't think anyone would want to hack that anyway and also... I don't care about it. But certain sites I change the password to be more secure xD

  • Like 1

Guest ad-ARO-ble
22 hours ago, DeMorgan said:

Wow, I never realized how expensive SSL certificates are until I searched just now. That's horrifying.

 

That's why I suggested Let's Encrypt. Because FREE!

 


I'm not sure how people can get away with charging an arm and a leg for a certificate, when other people are handing them out for free. Are some SSL certificates somehow superior to others? I don't quite understand.

 

In any case, in the far distant future, if we did open a storefront then I would certainly look into it.

Guest ad-ARO-ble
On 30 April 2016 at 6:26 PM, Blue Phoenix Ace said:

I'm not sure how people can get away with charging an arm and a leg for a certificate, when other people are handing them out for free. Are some SSL certificates somehow superior to others? I don't quite understand.

 

Let's Encrypt is a project by the EFF, Mozilla and a few other organisations to make encryption almost the default. The reason that they are the first to give them away is because they are the first organisation to be well known enough to become a certificate authority without it costing the earth.

 

To create SSL certificates, you basically have to tell everyone on the Internet that you make SSL certificates, and how to recognise your ones. To do this takes a lot of effort and money, so most certificate authorities will charge for a certificate.

 

Also, it supposedly keeps them from handing out fake certificates, but Let's Encrypt wouldn't do this either, because it's set up by people who like encryption.


This seems like a bit of an overkill for, well, not much at all.

Guest ad-ARO-ble

Last time I suggested this, Let's Encrypt was still in its infancy. It's now more mature and should be much easier to get a free certificate.

 

And with increasing interception of communications (see the Investigatory Powers Act), I think that encryption is more important than ever.

 

I'm willing to pay for it, if Let's Encrypt isn't viable.


Let's Encrypt is only supported on dedicated servers. Arocalypse is on shared hosting, and it's up to the web host to support it. After a quick search, it appears that this web host doesn't. We must either pay for dedicated hosting or pay for an SSL certificate, which honestly isn't worth it for a small forum.

Guest ad-ARO-ble
20 minutes ago, Robin said:

Let's Encrypt is only supported on dedicated servers. Arocalypse is on shared hosting, and it's up to the web host to support it. After a quick search, it appears that this web host doesn't. We must either pay for dedicated hosting or pay for an SSL certificate, which honestly isn't worth it for a small forum.

 

5 hours ago, ad-ARO-ble said:

I'm willing to pay for it, if Let's Encrypt isn't viable.

 


Wouldn't it be better to support the server cost itself first? But if you're that bothered by SSL, I guess?

On 1/3/2017 at 3:18 PM, ad-ARO-ble said:

 

 

 

It's not just a matter of cashola (though it is also a deterrent), it's a matter of uprooting everything to move web hosts. I honestly don't see enough benefit from that just yet. Again, if we open a storefront and start accepting payments for Aro merch, then I'll reconsider.

 

EDIT: Wow, that quote didn't work too well did it? LOL

  • Like 2

Guest ad-ARO-ble

If you cannot provide basic security to your users, I ask that you do all that you can to delete/deactivate my account and ALL INFORMATION THAT COULD BE USED TO IDENTIFY ME OR IS OTHERWISE CONSIDERED PERSONAL INFORMATION IN THE UK, as I do not believe that you are taking the necessary precautions to safeguard it.

12 minutes ago, ad-ARO-ble said:

If you cannot provide basic security to your users, I ask that you do all that you can to delete/deactivate my account and ALL INFORMATION THAT COULD BE USED TO IDENTIFY ME OR IS OTHERWISE CONSIDERED PERSONAL INFORMATION IN THE UK, as I do not believe that you are taking the necessary precautions to safeguard it.

 

 

EDIT: Actually, VPN would be your best bet. Even if we used SSL, it wouldn't prevent the government from knowing that your IP has visited this domain, and that is the only thing the UK is storing. If you don't want the government to know you're aromantic, use a VPN.

Guest ad-ARO-ble
10 minutes ago, Robin said:

EDIT: Actually, VPN would be your best bet. Even if we used SSL, it wouldn't prevent the government from knowing that your IP has visited this domain, and that is the only thing the UK is storing. If you don't want the government to know you're aromantic, use a VPN.

Because a VPN won't do anything for: MITM attacks, potential unseen poor security practices, etc.

I'm not worried about what the UK government is tracking. I have that covered.

4 minutes ago, ad-ARO-ble said:

Because a VPN won't do anything for: MITM attacks, potential unseen poor security practices, etc.

I'm not worried about what the UK government is tracking. I have that covered.

Well, that's true, but this is literally just a forum. Not handling sensitive information here, at least not personally identifiable ones.
