Is it possible for the forum to use secure https - WaltherForums
WaltherForums
 

Go Back   WaltherForums > WaltherForums.com > Feedback, Comments and Issues

Like Tree3Likes
  • 3 Post By admin
Reply
 
LinkBack Thread Tools Display Modes
Old 03-16-2017, 11:04 PM   #1
Supporting Member
 
Pudge's Avatar
 
Join Date: Dec 2014
Location: Colorado
Posts: 212
Pudge .22
Is it possible for the forum to use secure https

Admins

With things like they are today, security is becoming more and more of an issue.

Can the forum software or your server space provider be set up as a secure web site. In other words, Walther Forums would respond back as a https url instead of the insecure http url. Since everything is currently passing back and forth on an insecure link, it is quite possible for someone to obtain a person's username and password. Many of the major web sites are now using secured communications, and I thought it might be worth looking into for the Walther Forums.

Thanks

Pudge
Pudge is offline   Reply With Quote
Register
Old 03-17-2017, 11:12 AM   #2
Administrator
 
Join Date: Apr 2016
Posts: 73
admin .22
It's on the "To Do" list. Should be happening sooner rather then later. It's never been something that made a lot of sense for us to protect against as everything being entered here is going to to a public forum, open to all to read. But now, some browsers are sending up alerts about the fact, so to retain our status as a safe site this upgrade is going to be fastlaned.

Kevin
admin is offline   Reply With Quote
Old 03-17-2017, 06:00 PM   #3
Supporting Member
 
Pudge's Avatar
 
Join Date: Dec 2014
Location: Colorado
Posts: 212
Pudge .22
Quote:
Originally Posted by admin View Post
It's on the "To Do" list. It's never been something that made a lot of sense for us to protect against as everything being entered here is going to to a public forum, open to all to read. Kevin
I agree with the above except when the user is logging in. With an unsecure connection, the username and password are transmitted in readable english and can be grabbed and copied by a hacker. Not likely but none the less possible.

This can cause chaos on the forum with someone posting inflammatory posts in someone else's name. Also, since a lot of people use the same username and password on numerous sites (not a good idea but very convenient) any one of which could have very personal information on it. Such as credit card, address, etc depending on the site.

In reality, a site such as this really only needs a secure connection when asking for username and password. The only way I know to do that would be to click on a "Sign In" icon then switch to a secure connection for the login then go back to unsecure for all other pages. I have no idea if the forum software (vBulletin) is capable of this.

Thanks for taking this under consideration.

Pudge

Edit:
After more thought, once a hacker gains a username and password for someone on the forum, they can login and go to that user's "User CP" and glean more info from that.

Last edited by Pudge; 03-17-2017 at 06:06 PM.
Pudge is offline   Reply With Quote
 
Old 03-17-2017, 10:46 PM   #4
Senior Member
 
GonzoGeezer's Avatar
 
Join Date: Mar 2012
Location: SoCenPA
Posts: 2,524
GonzoGeezer .22
I haven't had to log in to the site, either through a web browser or a tapatalk, for a l o n g time.

If you go to https does that block tapatalk as an access method?
__________________
-gonzo
GonzoGeezer is offline   Reply With Quote
Old 03-22-2017, 04:25 PM   #5
Senior Member
 
jackrock's Avatar
 
Join Date: Apr 2014
Location: Denver, CO
Posts: 339
jackrock .22
Quote:
Originally Posted by admin View Post
It's on the "To Do" list. Should be happening sooner rather then later. It's never been something that made a lot of sense for us to protect against as everything being entered here is going to to a public forum, open to all to read. But now, some browsers are sending up alerts about the fact, so to retain our status as a safe site this upgrade is going to be fastlaned.

Kevin
While the username and password are something we should be somewhat concerned about, my actual concern is about search ratings. If we want WaltherForums to show up better in search results, you'll need to incorporate HTTPS.

I was able to do mine for free, using Let's Encrypt, and it self-renews itself every three months (as it's not en EV cert). And, the Let's Encrypt certs are accepted now by every major browsers (and most offshoot varieties).
jackrock is offline   Reply With Quote
Old 03-23-2017, 08:07 AM   #6
Administrator
 
Join Date: Apr 2016
Posts: 73
admin .22
Thank you for your suggestions, we've been working on getting our sites on to this over the last year. Tech is looking at deploying this in the next few months.

Thank you so much

~ Glenda
admin is offline   Reply With Quote
Old 03-23-2017, 09:51 AM   #7
Administrator
 
Join Date: Apr 2016
Posts: 73
admin .22
Quote:
Originally Posted by GonzoGeezer View Post
I haven't had to log in to the site, either through a web browser or a tapatalk, for a l o n g time.

If you go to https does that block tapatalk as an access method?
No, Tapatalk will still be available.

Dayle
admin is offline   Reply With Quote
Reply

Lower Navigation
Go Back   WaltherForums > WaltherForums.com > Feedback, Comments and Issues

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.