Pøĸē
Secret Service
I like pie
Posts: 6,578
Reputation: 890
|
Post by Pøĸē on Mar 22, 2016 21:53:45 GMT -5
Why is proboards.com served over https but our forum isn't?
|
|
|
Post by Kat on Mar 23, 2016 1:41:35 GMT -5
https is added security mostly designed for pages that have sensitive information required for login. the forum is prob protected under the main site.
|
|
|
Post by rosequartz on Mar 23, 2016 6:28:10 GMT -5
The support forum isn't https either
|
|
|
Post by Anchorman on Mar 23, 2016 6:28:38 GMT -5
Never noticed.
I guess no forum actually is.
|
|
|
Post by rosequartz on Mar 23, 2016 6:28:59 GMT -5
Just tried to add https since that works usually, but I got the err bear.
|
|
Pøĸē
Secret Service
I like pie
Posts: 6,578
Reputation: 890
|
Post by Pøĸē on Mar 23, 2016 12:55:29 GMT -5
https is added security mostly designed for pages that have sensitive information required for login. the forum is prob protected under the main site. That is not the only reason for use of the https protocol. It is also helpful in preventing man in the middle attacks among other things. There really isn't a good reason why any website should not use https. The only things I can think of are that it's annoying to pay for a cert and it makes your initial connection take a little longer.
|
|
|
Post by Crazy Crow on Mar 24, 2016 17:38:52 GMT -5
So is this place insecure?
|
|
Pøĸē
Secret Service
I like pie
Posts: 6,578
Reputation: 890
|
Post by Pøĸē on Mar 24, 2016 19:24:53 GMT -5
So is this place insecure? The Internet? yes
|
|
|
Post by madworld42 on Mar 24, 2016 21:07:58 GMT -5
ProBoards has my soul anyway.
|
|
|
Post by Mister Big on Mar 25, 2016 17:17:29 GMT -5
Odd isn't it?
|
|
|
Post by miqrogroove on Mar 25, 2016 18:28:22 GMT -5
https is added security mostly designed for pages that have sensitive information required for login. the forum is prob protected under the main site. That is not the only reason for use of the https protocol. It is also helpful in preventing man in the middle attacks among other things. There really isn't a good reason why any website should not use https. The only things I can think of are that it's annoying to pay for a cert and it makes your initial connection take a little longer. Both opinions are somewhat true. Actually, TLS is primarily just for privacy when employed under HTTP. This protocol is entirely separate from all of the web technology and as such cannot prevent most types of website attacks. But we live in a world of cellys and Wi-Fis and so privacy is a huge concern whether it pertains to the login page or the content of our reading and writings.
|
|
Pøĸē
Secret Service
I like pie
Posts: 6,578
Reputation: 890
|
Post by Pøĸē on Mar 25, 2016 21:18:18 GMT -5
That is not the only reason for use of the https protocol. It is also helpful in preventing man in the middle attacks among other things. There really isn't a good reason why any website should not use https. The only things I can think of are that it's annoying to pay for a cert and it makes your initial connection take a little longer. Both opinions are somewhat true. Actually, TLS is primarily just for privacy when employed under HTTP. This protocol is entirely separate from all of the web technology and as such cannot prevent most types of website attacks. But we live in a world of cellys and Wi-Fis and so privacy is a huge concern whether it pertains to the login page or the content of our reading and writings. Are you trying to say it doesn't prevent man in the middle attacks? If you try to man in the middle my connection to a secure page, my browser will complain about the cert
|
|
|
Post by miqrogroove on Mar 26, 2016 13:32:09 GMT -5
Are you trying to say it doesn't prevent man in the middle attacks? If you try to man in the middle my connection to a secure page, my browser will complain about the cert That one specific attack assumes the client contacts the correct server in the proper configuration, and there are oh so many other ways to attack a client or a server.
|
|
Pøĸē
Secret Service
I like pie
Posts: 6,578
Reputation: 890
|
Post by Pøĸē on Mar 26, 2016 13:51:17 GMT -5
Are you trying to say it doesn't prevent man in the middle attacks? If you try to man in the middle my connection to a secure page, my browser will complain about the cert That one specific attack assumes the client contacts the correct server in the proper configuration, and there are oh so many other ways to attack a client or a server. Or you could be sniffing traffic... Also I never claimed it just magically makes everything secure. Gene Spafford likens HTTPS to, "Using an armored truck to transport rolls of pennies between someone on a park bench and someone doing business from a cardboard box." Still, why wouldn't you want the added security?
|
|