Jump to content
Guest ad-ARO-ble

SSL?

Recommended Posts

Guest ad-ARO-ble
5 minutes ago, Robin said:

Well, that's true, but this is literally just a forum. Not handling sensitive information here, at least not personally identifiable ones.

Ok. ok. I'm going to ask @Blue Phoenix Ace a question that is kind of the reason that I made this thread.

How are you storing passwords for this site, @Blue Phoenix Ace?
 

 

Share this post


Link to post
Share on other sites

I'm going to go out on a limb and guess that they're stored encrypted in a database, like how most forum software does it.

 

SSL is nice to have if you access the site from public internet wifi or something, but if you just come here from your home network, and if your home network is safe, then it's not really a big deal, IMO.

 

cPanel said at some point that they plan to include Let's Encrypt in a newer version of their host panel thingy. (I also host a forum on a different topic, and I personally am not going to bother about SSL until it literally becomes a quick "just tick one checkbox to set up" kind of deal)...

Share this post


Link to post
Share on other sites
24 minutes ago, ad-ARO-ble said:

Ok. ok. I'm going to ask @Blue Phoenix Ace a question that is kind of the reason that I made this thread.

How are you storing passwords for this site, @Blue Phoenix Ace?
 

 

Apocalypse is running on IPB. The software takes care of the passwords, not Blue Phoenix Ace. It's just a question of whether you trust this forum software to handle passwords correctly.

 

4 minutes ago, SoulWolf said:

I'm going to go out on a limb and guess that they're stored encrypted in a database, like how most forum software does it.

 

SSL is nice to have if you access the site from public internet wifi or something, but if you just come here from your home network, and if your home network is safe, then it's not really a big deal, IMO.

 

cPanel said at some point that they plan to include Let's Encrypt in a newer version of their host panel thingy. (I also host a forum on a different topic, and I personally am not going to bother about SSL until it literally becomes a quick "just tick one checkbox to set up" kind of deal)...

1. Storing passwords encrypted isn't the correct way to do things. You need to salt and hash.

2. It's actually a legit concern even if you're at home, because of the routing from your home to the web server is in the clear. The question is whether it's worth it to set it up for a forum, which is low security.

3. cPanel is only the interface for web server settings. It's up to the web host to implement Let's Encrypt. The web host that Arocalypse is on does not plan to do so in the near future.

Share this post


Link to post
Share on other sites

If you think the site is not secure enough, then don't put any sensitive information on here. It's as simple as that. Would you like me to delete your account still?

  • Like 3

Share this post


Link to post
Share on other sites
On 01/05/2016 at 3:26 AM, Blue Phoenix Ace said:

I'm not sure how people can get away with charging an arm and a leg for a certificate, when other people are handing them out for free. Are some SSL certificates somehow superior to others? I don't quite understand.

In short, yes. But for something like Arocalypse you only need the most basic version you can find. You can usually find something appropriate for $20-30 which is definitely more than nothing but oh well. Some of the (much) bigger hosts do offer them for free as part of your package.

 

On 12/01/2017 at 0:39 AM, SoulWolf said:

I also host a forum on a different topic, and I personally am not going to bother about SSL until it literally becomes a quick "just tick one checkbox to set up" kind of deal

This isn't likely to be able to happen, due to the vagaries of how SSL actually works (unless you get them from one of the bigger hosts like AWS mentioned above which are allowed to sign their own certificates)

 

---

 

I would actually be interested in this as well for a variety of reasons. If it's just a question of money, then it seems like the best counterpoint is "Well, how does one provide financial or technical aid to Arocalypse?"

  • Like 2

Share this post


Link to post
Share on other sites
3 hours ago, Momo said:

This isn't likely to be able to happen, due to the vagaries of how SSL actually works (unless you get them from one of the bigger hosts like AWS mentioned above which are allowed to sign their own certificates)

Actually, quite recently my host upgraded some stuff, and in WHM I can select a thing called AutoSSL which just automatically gets free certificates, and renews them when they expire. It is literally just one box to tick. I think Comodo sponsors that feature, so it exists, but I guess it's up to each hosting provider to decide to enable it or not.

Share this post


Link to post
Share on other sites

Maybe eventually all hosts will support it. I think that is the plan.

Share this post


Link to post
Share on other sites
Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...