Jump to content

SSL?


Guest ad-ARO-ble

Recommended Posts

Guest ad-ARO-ble
5 minutes ago, Robin said:

Well, that's true, but this is literally just a forum. Not handling sensitive information here, at least not personally identifiable ones.

Ok. ok. I'm going to ask @Blue Phoenix Ace a question that is kind of the reason that I made this thread.

How are you storing passwords for this site, @Blue Phoenix Ace?
 

 

Link to comment
Share on other sites

I'm going to go out on a limb and guess that they're stored encrypted in a database, like how most forum software does it.

 

SSL is nice to have if you access the site from public internet wifi or something, but if you just come here from your home network, and if your home network is safe, then it's not really a big deal, IMO.

 

cPanel said at some point that they plan to include Let's Encrypt in a newer version of their host panel thingy. (I also host a forum on a different topic, and I personally am not going to bother about SSL until it literally becomes a quick "just tick one checkbox to set up" kind of deal)...

Link to comment
Share on other sites

24 minutes ago, ad-ARO-ble said:

Ok. ok. I'm going to ask @Blue Phoenix Ace a question that is kind of the reason that I made this thread.

How are you storing passwords for this site, @Blue Phoenix Ace?
 

 

Apocalypse is running on IPB. The software takes care of the passwords, not Blue Phoenix Ace. It's just a question of whether you trust this forum software to handle passwords correctly.

 

4 minutes ago, SoulWolf said:

I'm going to go out on a limb and guess that they're stored encrypted in a database, like how most forum software does it.

 

SSL is nice to have if you access the site from public internet wifi or something, but if you just come here from your home network, and if your home network is safe, then it's not really a big deal, IMO.

 

cPanel said at some point that they plan to include Let's Encrypt in a newer version of their host panel thingy. (I also host a forum on a different topic, and I personally am not going to bother about SSL until it literally becomes a quick "just tick one checkbox to set up" kind of deal)...

1. Storing passwords encrypted isn't the correct way to do things. You need to salt and hash.

2. It's actually a legit concern even if you're at home, because of the routing from your home to the web server is in the clear. The question is whether it's worth it to set it up for a forum, which is low security.

3. cPanel is only the interface for web server settings. It's up to the web host to implement Let's Encrypt. The web host that Arocalypse is on does not plan to do so in the near future.

Link to comment
Share on other sites

  • 5 months later...
On 01/05/2016 at 3:26 AM, Blue Phoenix Ace said:

I'm not sure how people can get away with charging an arm and a leg for a certificate, when other people are handing them out for free. Are some SSL certificates somehow superior to others? I don't quite understand.

In short, yes. But for something like Arocalypse you only need the most basic version you can find. You can usually find something appropriate for $20-30 which is definitely more than nothing but oh well. Some of the (much) bigger hosts do offer them for free as part of your package.

 

On 12/01/2017 at 0:39 AM, SoulWolf said:

I also host a forum on a different topic, and I personally am not going to bother about SSL until it literally becomes a quick "just tick one checkbox to set up" kind of deal

This isn't likely to be able to happen, due to the vagaries of how SSL actually works (unless you get them from one of the bigger hosts like AWS mentioned above which are allowed to sign their own certificates)

 

---

 

I would actually be interested in this as well for a variety of reasons. If it's just a question of money, then it seems like the best counterpoint is "Well, how does one provide financial or technical aid to Arocalypse?"

Link to comment
Share on other sites

3 hours ago, Momo said:

This isn't likely to be able to happen, due to the vagaries of how SSL actually works (unless you get them from one of the bigger hosts like AWS mentioned above which are allowed to sign their own certificates)

Actually, quite recently my host upgraded some stuff, and in WHM I can select a thing called AutoSSL which just automatically gets free certificates, and renews them when they expire. It is literally just one box to tick. I think Comodo sponsors that feature, so it exists, but I guess it's up to each hosting provider to decide to enable it or not.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...