Thread: Secure Login
+
Add Report
Results 1 to 13 of 13
-
06-27-23 11:10 #13
Posts: 443HTTPS should be put in place, its June of 2023
Reading this thread.
An Admin talks about HTTPS would need to log IP addresses to enable. Well, I assume there are multiple solutions by now, many vpn provideres use a no log / no disk / only in RAM solutions. I would assume a simple ram disk would get you there. As others have described, getting a valid certificate can be free.
But the big issues are why you should do HTTPS.
If you are not a member, and you visit the site, the the browsers say "DANGER" and the prospect says "NEXT".
So membership will be extremely stunted.
If you want to enforce better personal security, maybe you have configured the browser to only visit HTTPS sites.
An HTTP site's traffic is too easy to review and interrogate, HTTPS is ubiquitous.
Even the login credentials are not encrypted, yikes.
The juice IS worth the squeeze to implement.
-
07-03-22 21:40 #12
HTTPS is the minimum
Why does the site still not support https? That should be the minimum. Also wondering about you retaining IP addresses and other client details.
We don't do HTTPS for that very reason, we don't retain any info beyond the email you sign up with and if you're using an email account that's tied to you in the real world well Momma always said "Stupid is as stupid does." What exactly do we need to encrypt? Everything on this forum is forward facing.
Next time why not address the issues you have with me in a PM? It's Admin2
A2
-
10-27-21 14:52 #11
Posts: 14Encrypt
It's just poor management to keep using http at this point. No there's no credit cards, etc, but the information that can be gleaned, even if you're using a VPN can be catastrophic. I'd be more than happy to offer services to get you encrypted for free. Let's encrypt is free, guys here would do the work for free. It's very straight forward and I imagine site admins who manage to keep this place running would have more than enough skill to do it. Thanks for all you do guys!
-
06-12-21 13:23 #10
Posts: 387LetsEncrypt Instructions
https://www.digitalocean.com/communi...n-ubuntu-20-04
I think you guys are using Apache on Ubuntu, so these instructions should work for you. They have instructions for other version of Ubuntu too. It would be really nice to get SSL going on this site, and with LetsEncrypt, you can get and renew your certs for free using certbot as described in the tutorial above.
-
05-12-21 14:33 #9
Posts: 91Please
Please can you guys make this site HTTPS.
-
02-27-21 03:11 #8
Posts: 53Almost 4 years since OP and https is by now standard on even basic websites totally free through https://letsencrypt.org/.
I'm not advertising their company or anything, they are a non-profit automated service that was put together to try to get as much of the internet on https as possible.
-
05-27-18 08:47 #7
Posts: 20Https
Originally Posted by Admin2 [View Original Post]
It's good that you'll be rolling out encryption. Then, the entire conversation is encrypted between the user's browser and USASG, no worries about anyone in between.
Wait, you think that the local police in your area are going to be able to hack into our servers or intercept our traffic and pull your PM's with a packet sniffer?
You guys are not DPR, and these are blow jobs not Silk Road.
A2
-
05-20-18 22:41 #6
Posts: 327I came to this section just to post about SSL, its good you guys are on top of it. Also though, your Google ranking will be helped too.
-
05-20-18 16:32 #5
Posts: 4922Originally Posted by BBpornogeek [View Original Post]
Originally Posted by CreamPieGuy543 [View Original Post]
If you're worried about your IP addy until then use a VPN.
-
05-20-18 14:29 #4
Posts: 20Https / tls
Originally Posted by CreamPieGuy543 [View Original Post]
-
03-11-18 23:21 #3
Posts: 1207Registration for the site should move away from GoDaddy as well and make it an anonymous registration. Tomorrow's senate bill could make life hard for ISG and USG site owners. The site may be in Europe, but the Feds can commandeer the domain name.
-
02-11-18 21:18 #2
Posts: 89The Entire site should be
Agreed,
The whole site should be changed to use HTTS / TLS not just the login page.
Originally Posted by Oldmonger [View Original Post]
-
03-10-17 17:30 #1
Posts: 547Secure Login
USASG should change from HTTP to HTTPS. Logging in to an HTTP URL is not secure. The upgrade is not expensive or complicated.
OM.