HTTPS question

[Pøĸē]

Why is proboards.com served over https but our forum isn't?

[Kat]

https is added security mostly designed for pages that have sensitive information required for login. the forum is prob protected under the main site.

[rosequartz]

The support forum isn't https either

[Anchorman]

Never noticed.

I guess no forum actually is.

[rosequartz]

Just tried to add https since that works usually, but I got the err bear.

[Pøĸē]

Mar 23, 2016 1:41:35 GMT -5 Kat said:

https is added security mostly designed for pages that have sensitive information required for login. the forum is prob protected under the main site.

That is not the only reason for use of the https protocol. It is also helpful in preventing man in the middle attacks among other things. There really isn't a good reason why any website should not use https. The only things I can think of are that it's annoying to pay for a cert and it makes your initial connection take a little longer.

[Crazy Crow]

So is this place insecure?

[Pøĸē]

Mar 24, 2016 17:38:52 GMT -5 Crazy Crow said:

So is this place insecure?

The Internet? yes

[madworld42]

ProBoards has my soul anyway.

[Mister Big]

Odd isn't it?

[miqrogroove]

Mar 23, 2016 12:55:29 GMT -5 Pøĸē said:

Mar 23, 2016 1:41:35 GMT -5 Kat said:

https is added security mostly designed for pages that have sensitive information required for login. the forum is prob protected under the main site.

That is not the only reason for use of the https protocol. It is also helpful in preventing man in the middle attacks among other things. There really isn't a good reason why any website should not use https. The only things I can think of are that it's annoying to pay for a cert and it makes your initial connection take a little longer.

Both opinions are somewhat true. Actually, TLS is primarily just for privacy when employed under HTTP. This protocol is entirely separate from all of the web technology and as such cannot prevent most types of website attacks. But we live in a world of cellys and Wi-Fis and so privacy is a huge concern whether it pertains to the login page or the content of our reading and writings.

[Pøĸē]

Mar 25, 2016 18:28:22 GMT -5 miqrogroove said:

Mar 23, 2016 12:55:29 GMT -5 Pøĸē said:

That is not the only reason for use of the https protocol. It is also helpful in preventing man in the middle attacks among other things. There really isn't a good reason why any website should not use https. The only things I can think of are that it's annoying to pay for a cert and it makes your initial connection take a little longer.

Both opinions are somewhat true. Actually, TLS is primarily just for privacy when employed under HTTP. This protocol is entirely separate from all of the web technology and as such cannot prevent most types of website attacks. But we live in a world of cellys and Wi-Fis and so privacy is a huge concern whether it pertains to the login page or the content of our reading and writings.

Are you trying to say it doesn't prevent man in the middle attacks? If you try to man in the middle my connection to a secure page, my browser will complain about the cert

[miqrogroove]

Mar 25, 2016 21:18:18 GMT -5 Pøĸē said:

Are you trying to say it doesn't prevent man in the middle attacks? If you try to man in the middle my connection to a secure page, my browser will complain about the cert

That one specific attack assumes the client contacts the correct server in the proper configuration, and there are oh so many other ways to attack a client or a server.

[Pøĸē]

Mar 26, 2016 13:32:09 GMT -5 miqrogroove said:

Mar 25, 2016 21:18:18 GMT -5 Pøĸē said:

Are you trying to say it doesn't prevent man in the middle attacks? If you try to man in the middle my connection to a secure page, my browser will complain about the cert

That one specific attack assumes the client contacts the correct server in the proper configuration, and there are oh so many other ways to attack a client or a server.

Or you could be sniffing traffic... Also I never claimed it just magically makes everything secure. Gene Spafford likens HTTPS to, "Using an armored truck to transport rolls of pennies between someone on a park bench and someone doing business from a cardboard box."

Still, why wouldn't you want the added security?