Jump to content

SSL?


Guest ad-ARO-ble

Recommended Posts

Guest ad-ARO-ble

Would it be possible to allow an SSL version of the site. (i.e, encrypt data).

Currently the SSL certificate for the https site is for lunarbreeze.com for some reason.

With Let's Encrypt a certificate wouldn't cost, and would allow better security for everyone on the site.

Link to comment
Share on other sites

I thought about making a post on this, but I didn't really know enough about it... Only really came across it because it could be a way to bypass my school's block on the site, so...

Link to comment
Share on other sites

Guest ad-ARO-ble

Just having passwords feels like grounds enough to use SSL tbh.

It sucks that your web host doesnt give dedicated ip's, i would have thought that would be standard.

Link to comment
Share on other sites

16 hours ago, ad-ARO-ble said:

Just having passwords feels like grounds enough to use SSL tbh.

It sucks that your web host doesnt give dedicated ip's, i would have thought that would be standard.

So you should use a password that you don't use on any other site

Link to comment
Share on other sites

3 hours ago, Robin said:

So you should use a password that you don't use on any other site

I guess it was a good idea not to cop out and use the same one for this site/AVEN as I do for a bunch of other sites then... :P

Link to comment
Share on other sites

3 hours ago, Blue Phoenix Ace said:

That's generally good advice for any internet user. :)

Yeah... I generally use a similar password for sites I don't care about (like weird internet games) because I don't think anyone would want to hack that anyway and also... I don't care about it. But certain sites I change the password to be more secure xD

Link to comment
Share on other sites

Guest ad-ARO-ble
22 hours ago, DeMorgan said:

Wow, I never realized how expensive SSL certificates are until I searched just now. That's horrifying.

 

That's why I suggested Let's Encrypt. Because FREE!

 

Link to comment
Share on other sites

I'm not sure how people can get away with charging an arm and a leg for a certificate, when other people are handing them out for free. Are some SSL certificates somehow superior to others? I don't quite understand.

 

In any case, in the far distant future, if we did open a storefront then I would certainly look into it.

Link to comment
Share on other sites

Guest ad-ARO-ble
On 30 April 2016 at 6:26 PM, Blue Phoenix Ace said:

I'm not sure how people can get away with charging an arm and a leg for a certificate, when other people are handing them out for free. Are some SSL certificates somehow superior to others? I don't quite understand.

 

Let's Encrypt is a project by the EFF, Mozilla and a few other organisations to make encryption almost the default. The reason that they are the first to give them away is because they are the first organisation to be well known enough to become a certificate authority without it costing the earth.

 

To create SSL certificates, you basically have to tell everyone on the Internet that you make SSL certificates, and how to recognise your ones. To do this takes a lot of effort and money, so most certificate authorities will charge for a certificate.

 

Also, it supposedly keeps them from handing out fake certificates, but let's encrypt wouldn't do this either, because it's set up by people who like encryption.

Link to comment
Share on other sites

  • 8 months later...
Guest ad-ARO-ble

Last time I suggested this, Let's Encrypt was still in its infancy. It's now more mature and should be much easier to get a free certificate.

 

And with increasing interception of communications (see investigatory powers act), I think that encryption is more important than ever.

 

I'm willing to pay for it, if Let's Encrypt isn't viable.

Link to comment
Share on other sites

Let's Encrypt is only supported on dedicated servers. Arocalypse is on shared hosting, and it's up to the web host to support it. After a quick search, it appears that this web host doesn't. We must either pay for dedicated hosting or pay for an SSL certificate, which honestly isn't worth it for a small forum.

Link to comment
Share on other sites

Guest ad-ARO-ble
20 minutes ago, Robin said:

Let's Encrypt is only supported on dedicated servers. Arocalypse is on shared hosting, and it's up to the web host to support it. After a quick search, it appears that this web host doesn't. We must either pay for dedicated hosting or pay for an SSL certificate, which honestly isn't worth it for a small forum.

 

5 hours ago, ad-ARO-ble said:

I'm willing to pay for it, if Let's Encrypt isn't viable.

 

Link to comment
Share on other sites

On 1/3/2017 at 3:18 PM, ad-ARO-ble said:

 

 

 

It's not just a matter of cashola (though it is also a deterrent), it's a matter of uprooting everything to move web hosts. I honestly don't see enough benefit from that just yet. Again, if we open a storefront and start accepting payments for Aro merch, then I'll reconsider.

 

EDIT: Wow, that quote didn't work too well did it? LOL

Link to comment
Share on other sites

Guest ad-ARO-ble

If you cannot provide basic security to your users, I ask that you do all that you can to delete/deactivate my account and ALL INFORMATION THAT COULD BE USED TO IDENTIFY ME OR IS OTHERWISE CONSIDERED PERSONAL INFORMATION IN THE UK, as I do not believe that you are taking the necessary precautions to safeguard it.

Link to comment
Share on other sites

12 minutes ago, ad-ARO-ble said:

If you cannot provide basic security to your users, I ask that you do all that you can to delete/deactivate my account and ALL INFORMATION THAT COULD BE USED TO IDENTIFY ME OR IS OTHERWISE CONSIDERED PERSONAL INFORMATION IN THE UK, as I do not believe that you are taking the necessary precautions to safeguard it.

 

 

EDIT: Actually, VPN would be your best bet. Even if we used SSL, it wouldn't prevent the government from knowing that your IP has visited this domain, and that is the only thing the UK is storing. If you don't want the government to know you're aromantic, use a VPN.

Link to comment
Share on other sites

Guest ad-ARO-ble
10 minutes ago, Robin said:

EDIT: Actually, VPN would be your best bet. Even if we used SSL, it wouldn't prevent the government from knowing that your IP has visited this domain, and that is the only thing the UK is storing. If you don't want the government to know you're aromantic, use a VPN.

Because a VPN won't do anything for: MITM attacks, potential unseen poor security practices, etc.\

I'm not worried about what the UK government is tracking. I have that covered.

Link to comment
Share on other sites

4 minutes ago, ad-ARO-ble said:

Because a VPN won't do anything for: MITM attacks, potential unseen poor security practices, etc.\

I'm not worried about what the UK government is tracking. I have that covered.

Well, that's true, but this is literally just a forum. Not handling sensitive information here, at least not personally identifiable ones.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...