|
03-18-2015
| Junior Member | | Join Date: Mar 2015
Posts: 45
Thanks: 6
Thanked 13 Times in 6 Posts
Activity: 0% Longevity: 52% | | SSL on Forums "Hello caller, you're on the air!"
Hello everyone, long time listener, first time caller.
I'll cut right to the chase: why isn't there an SSL certificate on the forums? I mean, we're logging in on every single page, and any attacker can intercept our traffic, which includes logins. So, without SSL, any attacker can see our login info.
Also, implementing an SSL cert on vBulletin isn't that hard, a la this link.
So, why not?
Thanks.
|
The complete step-by-step guide to get back to selling today!
| |
03-18-2015
| | Executive [VIP] | | Join Date: Sep 2010
Posts: 14,302
Thanks: 1,110
Thanked 4,934 Times in 3,399 Posts
Activity: 0% Longevity: 79% | | Re: SSL on Forums
Why would we need them? perhaps that would be your best argument in actually implementing them.....
|
03-18-2015
| Junior Member
Threadstarter  
| | Join Date: Mar 2015
Posts: 45
Thanks: 6
Thanked 13 Times in 6 Posts
Activity: 0% Longevity: 52% | | Re: SSL on Forums Quote:
Originally Posted by MM78 Why would we need them? perhaps that would be your best argument in actually implementing them..... | Why? Because it's security for the website. Right now, any hacker with the right skills can see your login information and anything you type onto this website. With an SSL certificate installed, all data is encrypted so nobody can see your username, password, or anything else you type in.
There are very cheap SSL certificates available (less than $10/year). There's even a free one. Not very much configuration is required to get it working.
It gives everyone on the forum much greater security. At this point, there's no excuse not to.
|
03-19-2015
| | Administrator | | Join Date: Jan 2007
Posts: 11,372
Thanks: 3,072
Thanked 4,230 Times in 1,792 Posts
Activity: 0% Longevity: 100% | | Re: SSL on Forums
The website doesn't interact with 3rd party services that would make SSL necessary. Login details do not pass on to other websites. I could only see a use on the local level but even that would be overkill.
Sure it's easy to add but making sure SSL wouldn't be broken or break anything, would be a headache.
It's not really needed at this time but possibly in the future as I have thought about it for other reasons.
| The Following User Says Thank You to aspkin For This Useful Post: | |
03-19-2015
| | Executive [VIP] | | Join Date: Mar 2011
Posts: 4,307
Thanks: 2,202
Thanked 1,342 Times in 961 Posts
Activity: 11% Longevity: 76% | | Re: SSL on Forums
Uber cheap certs == false sense of security
|
03-19-2015
| | Executive [VIP] | | Join Date: Sep 2007
Posts: 42,343
Thanks: 5,612
Thanked 9,142 Times in 7,106 Posts
Activity: 0% Longevity: 96% | | Re: SSL on Forums
Welcome to the forums.
Good Luck as you learn more of stealth ways.
__________________ REAP WHAT YOU SOW. LIFE IS SO NOT FAIR. |
03-19-2015
| | Executive [VIP] | | Join Date: Dec 2009
Posts: 76,025
Thanks: 5,943
Thanked 8,925 Times in 8,217 Posts
Activity: 100% Longevity: 83% | | Re: SSL on Forums
Welcome to the forums - all the best with stealth
|
03-19-2015
| Junior Member
Threadstarter  
| | Join Date: Mar 2015
Posts: 45
Thanks: 6
Thanked 13 Times in 6 Posts
Activity: 0% Longevity: 52% | | Re: SSL on Forums Quote:
Originally Posted by aspkin The website doesn't interact with 3rd party services that would make SSL necessary. Login details do not pass on to other websites. I could only see a use on the local level but even that would be overkill.
Sure it's easy to add but making sure SSL wouldn't be broken or break anything, would be a headache.
It's not really needed at this time but possibly in the future as I have thought about it for other reasons. | Users can login at any page on this site. Usernames and passwords are transmitted in plain text from the user's computer to the server, and can be intercepted anywhere along that path. Especially you, aspkin - what if an attacker got your login info? Imagine what kind of havoc could be wreaked upon this forum. Quote:
Originally Posted by unkown5454 Uber cheap certs == false sense of security | All certs (unless you buy some old cert with old technology like TLS 1.0 or 128-bit encryption) use the same encryption technology. The only thing that differs is the name and warranty.
|
03-19-2015
| | Executive [VIP] | | Join Date: Sep 2010
Posts: 14,302
Thanks: 1,110
Thanked 4,934 Times in 3,399 Posts
Activity: 0% Longevity: 79% | | Re: SSL on Forums
Lets be honest, any website can be hacked at any given time.....All that's required is perseverance and time.
|
03-19-2015
| Junior Member
Threadstarter  
| | Join Date: Mar 2015
Posts: 45
Thanks: 6
Thanked 13 Times in 6 Posts
Activity: 0% Longevity: 52% | | Re: SSL on Forums Quote:
Originally Posted by MM78 Lets be honest, any website can be hacked at any given time.....All that's required is perseverance and time. | Right. But having an SSL certificate on a website will decrease that chance dramatically.
|
03-19-2015
| | Executive [VIP] | | Join Date: Sep 2007
Posts: 42,343
Thanks: 5,612
Thanked 9,142 Times in 7,106 Posts
Activity: 0% Longevity: 96% | | Re: SSL on Forums Quote:
Originally Posted by allster101 Right. But having an SSL certificate on a website will decrease that chance dramatically. | Why are you second guessing what aspkin has told YOU about the forum HE runs?
Think you should appreciate that aspkin will have the best interests of the forum in hand at all times. |
03-19-2015
| | Executive [VIP] | | Join Date: Mar 2011
Posts: 4,307
Thanks: 2,202
Thanked 1,342 Times in 961 Posts
Activity: 11% Longevity: 76% | | Re: SSL on Forums
Since you are obsessed with security, do tell me what information you would gain from siphoning information here? Information that is basically all public. Anyone can sign up here and do whatever they want.
This is not some financial or medical institution where all users have private information that needs to be encrypted.
| The Following User Says Thank You to unkown5454 For This Useful Post: | |
03-19-2015
| | Executive [VIP] | | Join Date: Sep 2010
Posts: 14,302
Thanks: 1,110
Thanked 4,934 Times in 3,399 Posts
Activity: 0% Longevity: 79% | | Re: SSL on Forums Quote:
Originally Posted by unkown5454 Since you are obsessed with security, do tell me what information you would gain from siphoning information here? Information that is basically all public. Anyone can sign up here and do whatever they want.
This is not some financial or medical institution where all users have private information that needs to be encrypted. | Someone could steal our post count!!!!! rsot would be devastated!
| The Following User Says Thank You to MM78 For This Useful Post: | |
03-19-2015
| | Executive [VIP] | | Join Date: Dec 2009
Posts: 76,025
Thanks: 5,943
Thanked 8,925 Times in 8,217 Posts
Activity: 100% Longevity: 83% | | Re: SSL on Forums Quote:
Originally Posted by MM78 Someone could steal our post count!!!!! rsot would be devastated! | Hamsters would go homeless omgzor! Time to move back into MM78's dungeon |
03-20-2015
| | Executive [VIP] | | Join Date: Sep 2007
Posts: 42,343
Thanks: 5,612
Thanked 9,142 Times in 7,106 Posts
Activity: 0% Longevity: 96% | | Re: SSL on Forums
NNNNNNNNNNNNNNNNNNNNNOOOOOOOOOOOOOOOOOOOOOOOOOOOO! !!!!!
We aint goin' to no stinky dungeon again. |
03-20-2015
| | Executive [VIP] | | Join Date: Sep 2007
Posts: 42,343
Thanks: 5,612
Thanked 9,142 Times in 7,106 Posts
Activity: 0% Longevity: 96% | | Re: SSL on Forums Not a horrible dungeon. PLEASE. We'll pedal so darn hard to stay away from there. PLEASE.
__________________ REAP WHAT YOU SOW. LIFE IS SO NOT FAIR.
Last edited by aspkin; 09-29-2017 at 05:35 PM.
|
03-20-2015
| | Senior Member | | Join Date: Jan 2015
Posts: 2,827
Thanks: 286
Thanked 567 Times in 422 Posts
Activity: 0% Longevity: 53% | | Re: SSL on Forums
SSL is not for hiding posts, as anyone can register and read them. SSL is for protecting login details, as currently anyone can sniff traffic / make a phake website, and steal some sensitive login details.
|
03-20-2015
| | Executive [VIP] | | Join Date: Mar 2011
Posts: 4,307
Thanks: 2,202
Thanked 1,342 Times in 961 Posts
Activity: 11% Longevity: 76% | | Re: SSL on Forums
Nothing here is sensitive. This has been the point the whole time muzzie.
No one conducts transactions or any person information through this site. Getting access to someone's forum account is completely useless.
|
03-20-2015
| | Executive [VIP] | | Join Date: Sep 2010
Posts: 14,302
Thanks: 1,110
Thanked 4,934 Times in 3,399 Posts
Activity: 0% Longevity: 79% | | Re: SSL on Forums Quote:
Originally Posted by muzzie SSL is not for hiding posts, as anyone can register and read them. SSL is for protecting login details, as currently anyone can sniff traffic / make a phake website, and steal some sensitive login details. | I think we all know that, what I said was meant as a joke.......apparently not everyone got the joke .
| The Following 2 Users Say Thank You to MM78 For This Useful Post: | |
Posting Rules
| You may not post new threads You may not post replies You may not post attachments You may not edit your posts HTML code is Off | | | |