Guest ad-ARO-ble Posted April 26, 2016 Share Posted April 26, 2016 Would it be possible to allow an SSL version of the site. (i.e, encrypt data). Currently the SSL certificate for the https site is for lunarbreeze.com for some reason. With Let's Encrypt a certificate wouldn't cost, and would allow better security for everyone on the site. Link to comment Share on other sites More sharing options...
owl Posted April 26, 2016 Share Posted April 26, 2016 I thought about making a post on this, but I didn't really know enough about it... Only really came across it because it could be a way to bypass my school's block on the site, so... Link to comment Share on other sites More sharing options...
Blue Phoenix Ace Posted April 26, 2016 Share Posted April 26, 2016 It actually isn't free. My web host won't install a SSL certificate unless I have a dedicated IP address. That would cost me another 5 bucks per month. Link to comment Share on other sites More sharing options...
Blue Phoenix Ace Posted April 26, 2016 Share Posted April 26, 2016 I think this would be important if we were running a store front and accepting payments, but we aren't. What kind of concerns do you have with missing SSL here? Link to comment Share on other sites More sharing options...
Robin Posted April 26, 2016 Share Posted April 26, 2016 Seems overkill for a forum on which we are anonymous Link to comment Share on other sites More sharing options...
Guest ad-ARO-ble Posted April 27, 2016 Share Posted April 27, 2016 Just having passwords feels like grounds enough to use SSL tbh. It sucks that your web host doesnt give dedicated ip's, i would have thought that would be standard. Link to comment Share on other sites More sharing options...
Blue Phoenix Ace Posted April 27, 2016 Share Posted April 27, 2016 The best things in life cost money. Like dedicated IP addresses. Link to comment Share on other sites More sharing options...
Robin Posted April 27, 2016 Share Posted April 27, 2016 16 hours ago, ad-ARO-ble said: Just having passwords feels like grounds enough to use SSL tbh. It sucks that your web host doesnt give dedicated ip's, i would have thought that would be standard. So you should use a password that you don't use on any other site Link to comment Share on other sites More sharing options...
Spud Posted April 28, 2016 Share Posted April 28, 2016 3 hours ago, Robin said: So you should use a password that you don't use on any other site I guess it was a good idea not to cop out and use the same one for this site/AVEN as I do for a bunch of other sites then... Link to comment Share on other sites More sharing options...
Blue Phoenix Ace Posted April 28, 2016 Share Posted April 28, 2016 That's generally good advice for any internet user. Link to comment Share on other sites More sharing options...
DeMorgan Posted April 28, 2016 Share Posted April 28, 2016 Wow, I never realized how expensive SSL certificates are until I searched just now. That's horrifying. Link to comment Share on other sites More sharing options...
Spud Posted April 29, 2016 Share Posted April 29, 2016 3 hours ago, Blue Phoenix Ace said: That's generally good advice for any internet user. Yeah... I generally use a similar password for sites I don't care about (like weird internet games) because I don't think anyone would want to hack that anyway and also... I don't care about it. But certain sites I change the password to be more secure Link to comment Share on other sites More sharing options...
Guest ad-ARO-ble Posted April 29, 2016 Share Posted April 29, 2016 22 hours ago, DeMorgan said: Wow, I never realized how expensive SSL certificates are until I searched just now. That's horrifying. That's why I suggested Let's Encrypt. Because FREE! Link to comment Share on other sites More sharing options...
Blue Phoenix Ace Posted April 30, 2016 Share Posted April 30, 2016 I'm not sure how people can get away with charging an arm and a leg for a certificate, when other people are handing them out for free. Are some SSL certificates somehow superior to others? I don't quite understand. In any case, in the far distant future, if we did open a storefront then I would certainly look into it. Link to comment Share on other sites More sharing options...
Guest ad-ARO-ble Posted May 3, 2016 Share Posted May 3, 2016 On 30 April 2016 at 6:26 PM, Blue Phoenix Ace said: I'm not sure how people can get away with charging an arm and a leg for a certificate, when other people are handing them out for free. Are some SSL certificates somehow superior to others? I don't quite understand. Let's Encrypt is a project by the EFF, Mozilla and a few other organisations to make encryption almost the default. The reason that they are the first to give them away is because they are the first organisation to be well known enough to become a certificate authority without it costing the earth. To create SSL certificates, you basically have to tell everyone on the Internet that you make SSL certificates, and how to recognise your ones. To do this takes a lot of effort and money, so most certificate authorities will charge for a certificate. Also, it supposedly keeps them from handing out fake certificates, but let's encrypt wouldn't do this either, because it's set up by people who like encryption. Link to comment Share on other sites More sharing options...
Tal Shi'ar Posted May 3, 2016 Share Posted May 3, 2016 This seems like a bit of an overkill for well, not much at all. Link to comment Share on other sites More sharing options...
Guest ad-ARO-ble Posted January 3, 2017 Share Posted January 3, 2017 Last time I suggested this, Let's Encrypt was still in its infancy. It's now more mature and should be much easier to get a free certificate. And with increasing interception of communications (see investigatory powers act), I think that encryption is more important than ever. I'm willing to pay for it, if Let's Encrypt isn't viable. Link to comment Share on other sites More sharing options...
Robin Posted January 3, 2017 Share Posted January 3, 2017 Let's Encrypt is only supported on dedicated servers. Arocalypse is on shared hosting, and it's up to the web host to support it. After a quick search, it appears that this web host doesn't. We must either pay for dedicated hosting or pay for an SSL certificate, which honestly isn't worth it for a small forum. Link to comment Share on other sites More sharing options...
Guest ad-ARO-ble Posted January 3, 2017 Share Posted January 3, 2017 20 minutes ago, Robin said: Let's Encrypt is only supported on dedicated servers. Arocalypse is on shared hosting, and it's up to the web host to support it. After a quick search, it appears that this web host doesn't. We must either pay for dedicated hosting or pay for an SSL certificate, which honestly isn't worth it for a small forum. 5 hours ago, ad-ARO-ble said: I'm willing to pay for it, if Let's Encrypt isn't viable. Link to comment Share on other sites More sharing options...
Robin Posted January 3, 2017 Share Posted January 3, 2017 Wouldn't it be better to support the server cost itself first? But if you're that bothered by SSL, I guess? Link to comment Share on other sites More sharing options...
Blue Phoenix Ace Posted January 10, 2017 Share Posted January 10, 2017 On 1/3/2017 at 3:18 PM, ad-ARO-ble said: It's not just a matter of cashola (though it is also a deterrent), it's a matter of uprooting everything to move web hosts. I honestly don't see enough benefit from that just yet. Again, if we open a storefront and start accepting payments for Aro merch, then I'll reconsider. EDIT: Wow, that quote didn't work too well did it? LOL Link to comment Share on other sites More sharing options...
Guest ad-ARO-ble Posted January 11, 2017 Share Posted January 11, 2017 If you cannot provide basic security to your users, I ask that you do all that you can to delete/deactivate my account and ALL INFORMATION THAT COULD BE USED TO IDENTIFY ME OR IS OTHERWISE CONSIDERED PERSONAL INFORMATION IN THE UK, as I do not believe that you are taking the necessary precautions to safeguard it. Link to comment Share on other sites More sharing options...
Robin Posted January 11, 2017 Share Posted January 11, 2017 12 minutes ago, ad-ARO-ble said: If you cannot provide basic security to your users, I ask that you do all that you can to delete/deactivate my account and ALL INFORMATION THAT COULD BE USED TO IDENTIFY ME OR IS OTHERWISE CONSIDERED PERSONAL INFORMATION IN THE UK, as I do not believe that you are taking the necessary precautions to safeguard it. EDIT: Actually, VPN would be your best bet. Even if we used SSL, it wouldn't prevent the government from knowing that your IP has visited this domain, and that is the only thing the UK is storing. If you don't want the government to know you're aromantic, use a VPN. Link to comment Share on other sites More sharing options...
Guest ad-ARO-ble Posted January 11, 2017 Share Posted January 11, 2017 10 minutes ago, Robin said: EDIT: Actually, VPN would be your best bet. Even if we used SSL, it wouldn't prevent the government from knowing that your IP has visited this domain, and that is the only thing the UK is storing. If you don't want the government to know you're aromantic, use a VPN. Because a VPN won't do anything for: MITM attacks, potential unseen poor security practices, etc.\ I'm not worried about what the UK government is tracking. I have that covered. Link to comment Share on other sites More sharing options...
Robin Posted January 11, 2017 Share Posted January 11, 2017 4 minutes ago, ad-ARO-ble said: Because a VPN won't do anything for: MITM attacks, potential unseen poor security practices, etc.\ I'm not worried about what the UK government is tracking. I have that covered. Well, that's true, but this is literally just a forum. Not handling sensitive information here, at least not personally identifiable ones. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.