Forum

SSL on Forums
 

"Hello caller, you're on the air!"

Hello everyone, long time listener, first time caller.

I'll cut right to the chase: why isn't there an SSL certificate on the forums? I mean, we're logging in on every single page, and any attacker can intercept our traffic, which includes logins. So, without SSL, any attacker can see our login info.

Also, implementing an SSL cert on vBulletin isn't that hard, a la this link.

So, why not?

Thanks.

Re: SSL on Forums
 

Why would we need them? perhaps that would be your best argument in actually implementing them.....

Re: SSL on Forums
 

Why? Because it's security for the website. Right now, any hacker with the right skills can see your login information and anything you type onto this website. With an SSL certificate installed, all data is encrypted so nobody can see your username, password, or anything else you type in.

There are very cheap SSL certificates available (less than $10/year). There's even a free one. Not very much configuration is required to get it working.

It gives everyone on the forum much greater security. At this point, there's no excuse not to.

Re: SSL on Forums
 

The website doesn't interact with 3rd party services that would make SSL necessary. Login details do not pass on to other websites. I could only see a use on the local level but even that would be overkill.

Sure it's easy to add but making sure SSL wouldn't be broken or break anything, would be a headache.

It's not really needed at this time but possibly in the future as I have thought about it for other reasons.

Re: SSL on Forums
 

Uber cheap certs == false sense of security

Re: SSL on Forums
 

Welcome to the forums.

Good Luck as you learn more of stealth ways.

Re: SSL on Forums
 

Welcome to the forums - all the best with stealth

Re: SSL on Forums
 

Users can login at any page on this site. Usernames and passwords are transmitted in plain text from the user's computer to the server, and can be intercepted anywhere along that path. Especially you, aspkin - what if an attacker got your login info? Imagine what kind of havoc could be wreaked upon this forum.

All certs (unless you buy some old cert with old technology like TLS 1.0 or 128-bit encryption) use the same encryption technology. The only thing that differs is the name and warranty.

Re: SSL on Forums
 

Lets be honest, any website can be hacked at any given time.....All that's required is perseverance and time.

Re: SSL on Forums
 

Right. But having an SSL certificate on a website will decrease that chance dramatically.

Re: SSL on Forums
 

Why are you second guessing what aspkin has told YOU about the forum HE runs?

Think you should appreciate that aspkin will have the best interests of the forum in hand at all times.

:typing:

Re: SSL on Forums
 

Since you are obsessed with security, do tell me what information you would gain from siphoning information here? Information that is basically all public. Anyone can sign up here and do whatever they want.

This is not some financial or medical institution where all users have private information that needs to be encrypted.

Re: SSL on Forums
 

Someone could steal our post count!!!!! rsot would be devastated!

Re: SSL on Forums
 

Hamsters would go homeless omgzor! Time to move back into MM78's dungeon :eek:

Re: SSL on Forums
 

NNNNNNNNNNNNNNNNNNNNNOOOOOOOOOOOOOOOOOOOOOOOOOOOO! !!!!!

We aint goin' to no stinky dungeon again.

:mad:

Re: SSL on Forums
 

:FF: :pout: Not a horrible dungeon. PLEASE. We'll pedal so darn hard to stay away from there. PLEASE. :pout: :FF:

Re: SSL on Forums
 

SSL is not for hiding posts, as anyone can register and read them. SSL is for protecting login details, as currently anyone can sniff traffic / make a phake website, and steal some sensitive login details.

Re: SSL on Forums
 

Nothing here is sensitive. This has been the point the whole time muzzie.

No one conducts transactions or any person information through this site. Getting access to someone's forum account is completely useless.

Re: SSL on Forums
 

I think we all know that, what I said was meant as a joke.......apparently not everyone got the joke :doh:.