SSL / Secure Browsing

Quiky

Quiky

Super relevant and trendy avatar
STAFF MEMBER
Joined
Aug 21, 1995
Messages
5,764
Anyone interested in SSL browsing of the forums, or secure logins?

Just wanted to see if there was demand for it before purchasing a certificate.
 
I'm always in favor of encryption, although it does put a bit of a higher load on the server. If we can do it without burdening the machine, I think it would be great and well worth the 20 bucks/year that godaddy (for example) charges. I'd be fine with a self-signed cert as well, but it's hardly worth it these days when the costs are so low.

Steve
 
Yes, please. Most other sites that I use offer it, and I quite like it, for reasons that Adunaphel suggested.
 
If you have money spare I don't see why not as it's a nice feature to have. For us normal users I can't quite see the point however. If someone was looking into what I read on this forum I know that it would tell them I like Photography yet I can guarantee they would still try and sell me viagra or tell me I've won a million gazillion.
 
Quiky said:
Anyone interested in SSL browsing of the forums, or secure logins?

Just wanted to see if there was demand for it before purchasing a certificate.
Click to expand...

I'd be interested in it (I'd force SSL for all my WordPress admin stuff), but an unsigned cert would be fine IMO.

Adunaphel said:
Yes; i would prefer it my mod password wouldn't travel across whatever proxy i am behind at any given moment depending on which client i'm at in plaintext for everyone to see.
Click to expand...

If you have JS enabled, there's a script that comes with vB that aborts sending your password in plaintext and instead sends it's MD5 hash when you login.

Steve Levin said:
I'm always in favor of encryption, although it does put a bit of a higher load on the server. If we can do it without burdening the machine, I think it would be great and well worth the 20 bucks/year that godaddy (for example) charges. I'd be fine with a self-signed cert as well, but it's hardly worth it these days when the costs are so low.

Steve
Click to expand...

This server is usually at around 0.10 load. Even when Top Gear has aired, it rarely breaks 1.00. It's at around 4.00 right now, but that's only because we have some crap running.

In short, Titan is a beast and load isn't an issue.
 
I'm not so in too that hosting stuff. What does "buying" a certificate means? Who do you buy it from, what does it say? What does it certify. And how can i be sure it's a real certificate and not something anyone could made up?
I thought thats just a feature to activate on the server... mhh certificate??!!
 
Viper007Bond said:
If you have JS enabled, there's a script that comes with vB that aborts sending your password in plaintext and instead sends it's MD5 hash when you login.
Click to expand...

But that MD5 hash still travels across the internet unsecured, and that can also be used to log into the forums. Those scripts give you a false sense of security, since the information travelling plaintext over the internet can still be used to access my account, regardless of any hashing done before it's sent. The most secure way is still by using SSL certs.
 
Adunaphel said:
But that MD5 hash still travels across the internet unsecured, and that can also be used to log into the forums. Those scripts give you a false sense of security, since the information travelling plaintext over the internet can still be used to access my account, regardless of any hashing done before it's sent. The most secure way is still by using SSL certs.
Click to expand...

Very true indeed.
 
Erm, go on then. I'm still fairly clueless about web security anyway. :D
 
No worth it if it does not deliver a valued requirement -- at the moment you have one requirement that I can see but I would classify that as only desirable. If you ever think about taking financial information I would go SSL but with the info available to me not worth it at the moment.

Now, it does depend upon the cost and the load factor too. If very cheap (around the 20 USD mark as suggested) and does not cause too big an increase in load, then OK do it anyway IMHO.
 
You must log in or register to reply here.
Top