HTTP vs HTTPS
- Thread starter vostok
- Start date
King Arthur
Well-Known Member
Good question...
strainbank
Active Member
might be an seo issue if they have a lot of backlinks to the http version of this website. since there are no purchases or personal info being given, im not sure how much it matters for these folks? the nsa have access to everything regardless of https.
strainbank
Active Member
Cx2H
Well-Known Member
#Old
#InfoSec
That is irrelevant, it is irresponsible to operate any site with public info databases without encryption. How easy you want to make it? Someone could start here and end in you google accounts controlling all your infos?! Encryption/HTTPS certs are free nowadays at Let's Encrypt...
#InfoSec
see4
Well-Known Member
Because there is no information that requires being secured. It's an open forum, all the information users provide is easily accessible without having to hack.
I would assume that advertisers work out something with the admins "offline", and no automation or transfer of financial information is transacted or stored on a local database.
But yea, Cx2H is right. with Let's Encrypt, you can easily add SSL to a domain with ease and no cost.
I would assume that advertisers work out something with the admins "offline", and no automation or transfer of financial information is transacted or stored on a local database.
But yea, Cx2H is right. with Let's Encrypt, you can easily add SSL to a domain with ease and no cost.
Bubblin
Well-Known Member
If anyone here was worried about seo they would remove the www. subdomain and redirect all to non www.
Having both = essentially having two sites with the same content. Canonical isn't always followed nor helpful 100% of the time, plus you need to log into both www. and non www separately.
@ssl / https
As Cx2h said, Free certs @ https://letsencrypt.org/
It's a fairly simple install for some os's.
FYI, ssl/https has nothing to do with database encryption or anything server side really. DB's are normally on localhost, if it's remote then it's an ip.
It's about the transportation of data using encrypted packets. Aka shit you type here will be encrypted, text, usenames, passwords ect. Without it everything is plain text.
imo a site like this should totally have it.
Bubblin
Well-Known Member
Great show, nutty as hell but the good kinda nutty
Bubblin
Well-Known Member
I'm gonna hax your subs and replace them with subs from an 80's porn film.
vostok
Well-Known Member
Found This for those that take security highly ...even those that don't
HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications
with many major websites, making your browsing more secure.
Encrypt the web: Install HTTPS Everywhere today. https://www.eff.org/https-everywhere
Jubilant
Well-Known Member
I myself would like to see this change. It protects every user on deeper levels then "is my info I post secure" It is a protection for your connection to the actual server. Having HTTPS helps to assure against man in the middle attacks as well, which is a feature I would enjoy.
vostok
Well-Known Member
Currently testing Epic Privacy browser with its free vpn
check it out
: http://forum.epicbrowser.com/
coool!
check it out
: http://forum.epicbrowser.com/
coool!
Cx2H
Well-Known Member
Cloud flare also just had cloud bleed vulnerability and was dumping pID, passwords and their reputation. Again database encryption and transport encryption are no brainers here. The "Networking Team" here are late 90's with their #InfoSecNinjaSkills...
Example ddos should not interrupt service more than a day at most to mitigate and really, as long as DNS takes to update (hours), but round these parts = week.
Fried HD in raid strip is day max to mitigate as well with a slow repopulate.
Database fried = as long as it takes to load fresh backup.
#NetSec
#OpSec
Feel free to leave if you don't like the hard work we do here for your free websiteCloud flare also just had cloud bleed vulnerability and was dumping pID, passwords and their reputation. Again database encryption and transport encryption are no brainers here. The "Networking Team" here are late 90's with their #InfoSecNinjaSkills...
Example ddos should not interrupt service more than a day at most to mitigate and really, as long as DNS takes to update (hours), but round these parts = week.
Fried HD in raid strip is day max to mitigate as well with a slow repopulate.
Database fried = as long as it takes to load fresh backup.
#NetSec
#OpSec
MiStUrX
Member
You still haven't provided an answer sunni, website is not exactly free. RIU contains advertisements and sponsors selling their goods and services.
I'm not the owner of the website
So I cannot provide answers I don't have
cool2burn
Well-Known Member
It is something you as a Mod should suggest to the owners. It would make it a bit more difficult for hackers to bring the site down again. However if they really want to there is not much that can be done to stop- it. All you can do is to try and make it more difficult.