HTTP vs HTTPS

strainbank

Active Member
Might be an SEO issue if they have a lot of backlinks to the HTTP version of this website. Since there are no purchases or personal info being given, I'm not sure how much it matters for these folks? The NSA has access to everything regardless of HTTPS.
 

Cx2H

Well-Known Member
Since there are no purchases or personal info being given, I'm not sure how much it matters for these folks?
That is irrelevant; it is irresponsible to operate any site with public info databases without encryption. How easy do you want to make it? Someone could start here and end in your Google accounts controlling all your info?! Encryption/HTTPS certs are free nowadays at Let's Encrypt...
#InfoSec
 

see4

Well-Known Member
Because there is no information that requires being secured. It's an open forum, all the information users provide is easily accessible without having to hack.

I would assume that advertisers work out something with the admins "offline", and no automation or transfer of financial information is transacted or stored on a local database.

But yeah, Cx2H is right. With Let's Encrypt, you can easily add SSL to a domain with ease and no cost.
 

Bubblin

Well-Known Member
Might be an SEO issue if they have a lot of backlinks to the HTTP version of this website. Since there are no purchases or personal info being given, I'm not sure how much it matters for these folks? The NSA has access to everything regardless of HTTPS.
If anyone here was worried about SEO they would remove the www. subdomain and redirect all to non-www.
Having both = essentially having two sites with the same content. Canonical isn't always followed nor helpful 100% of the time, plus you need to log into both www. and non-www separately.

@ssl / https
As Cx2H said, free certs @ https://letsencrypt.org/
It's a fairly simple install for some OSes.

FYI, SSL/HTTPS has nothing to do with database encryption or anything server side really. DBs are normally on localhost; if it's remote then it's an IP.
It's about the transportation of data using encrypted packets. Aka shit you type here will be encrypted: text, usernames, passwords etc. Without it everything is plain text.

IMO a site like this should totally have it.
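
The setup discussed in the post above (one non-www origin, everything redirected to HTTPS) can be checked mechanically. This is an added example, not part of the thread: `audit`, the sample responses and the placeholder domain example.org are constructed, and the Strict-Transport-Security check goes one step beyond what the posters mention.

```python
from urllib.parse import urlsplit

# Constructed sample data: the (status, headers) returned for "/" on each origin.
# example.org is a placeholder, not the forum discussed in this thread.
BEFORE = {
    "http://example.org": (200, {}),
    "http://www.example.org": (200, {}),
    "https://example.org": (200, {}),
    "https://www.example.org": (200, {}),
}
AFTER = {
    "http://example.org": (301, {"Location": "https://example.org/"}),
    "http://www.example.org": (301, {"Location": "https://example.org/"}),
    "https://www.example.org": (301, {"Location": "https://example.org/"}),
    "https://example.org": (200, {"Strict-Transport-Security": "max-age=31536000"}),
}
PERMANENT_REDIRECTS = {301, 308}


def audit(responses, canonical):
    """Return findings; an empty list means one canonical HTTPS origin."""
    findings = []
    canon = urlsplit(canonical)
    if canon.scheme != "https":
        findings.append(f"{canonical}: canonical origin is not HTTPS")
    for origin, (status, headers) in sorted(responses.items()):
        hdrs = {name.lower(): value for name, value in headers.items()}
        if origin == canonical:
            if status != 200:
                findings.append(f"{origin}: canonical origin returned {status}")
            if "max-age=" not in hdrs.get("strict-transport-security", ""):
                findings.append(f"{origin}: no Strict-Transport-Security header")
            continue
        target = urlsplit(hdrs.get("location", ""))
        if status == 200 and origin.startswith("http://"):
            findings.append(f"{origin}: content served in plain text")
        elif status == 200:
            findings.append(f"{origin}: duplicate copy of the canonical site")
        elif status not in PERMANENT_REDIRECTS:
            findings.append(f"{origin}: status {status} is not a permanent redirect")
        elif (target.scheme, target.netloc) != (canon.scheme, canon.netloc):
            findings.append(f"{origin}: redirects to {target.geturl() or 'nowhere'}")
    return findings


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(sample, "https://example.org") or "OK")
```

To run it against a live site, fill the dictionary from real responses with redirects not followed, so each origin's own status and `Location` header are what get audited.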
 

Jubilant

Well-Known Member
I myself would like to see this change. It protects every user on deeper levels than "is my info I post secure". It is a protection for your connection to the actual server. Having HTTPS helps to assure against man-in-the-middle attacks as well, which is a feature I would enjoy.
 

Cx2H

Well-Known Member
RIU is behind Cloudflare. And CF has a flexible SSL plan (for free).
A real SSL certificate only costs $10/year.
I wonder why admins still don't care about users' privacy at all.
Cloudflare also just had the Cloudbleed vulnerability and was dumping pID, passwords and their reputation. Again, database encryption and transport encryption are no-brainers here. The "Networking Team" here are late 90's with their #InfoSecNinjaSkills...

Example: DDoS should not interrupt service more than a day at most to mitigate and really, as long as DNS takes to update (hours), but round these parts = week.

Fried HD in RAID stripe is day max to mitigate as well with a slow repopulate.

Database fried = as long as it takes to load fresh backup.
#NetSec
#OpSec
;-)
 

sunni

Administrator
Staff member
Cloudflare also just had the Cloudbleed vulnerability and was dumping pID, passwords and their reputation. Again, database encryption and transport encryption are no-brainers here. The "Networking Team" here are late 90's with their #InfoSecNinjaSkills...

Example: DDoS should not interrupt service more than a day at most to mitigate and really, as long as DNS takes to update (hours), but round these parts = week.

Fried HD in RAID stripe is day max to mitigate as well with a slow repopulate.

Database fried = as long as it takes to load fresh backup.
#NetSec
#OpSec
;-)
Feel free to leave if you don't like the hard work we do here for your free website.
 

sunni

Administrator
Staff member
You still haven't provided an answer, sunni. Website is not exactly free. RIU contains advertisements and sponsors selling their goods and services.
I'm not the owner of the website,
so I cannot provide answers I don't have.
 

cool2burn

Well-Known Member
I'm not the owner of the website,
so I cannot provide answers I don't have.
It is something you as a Mod should suggest to the owners. It would make it a bit more difficult for hackers to bring the site down again. However, if they really want to, there is not much that can be done to stop it. All you can do is to try and make it more difficult.
 