Add HTTPS support to forum


#1

Please add HTTPS support to the community forum.

I don't feel comfortable typing in my login details into un-secured forms. Plus adding HTTPS will make the user trust the forum better.


#2

Hi,

You probably mean HTTPS and I totally agree!


#3

Just fixed it. Damn auto-correct. Thanks for letting me know!


#4

Np:) It's actually so rare this day to see a non SSL web page I didn't even realize this until you pointed it out here :slight_smile:


#5

I know right. Since Let's Encrypt came out its been a breeze these days to provide encryption to web pages.


#6

Jesus christ thats horrific. I never even noticed the lack of SSL but that just isn't on in this Day and Age, i mean heck if you put your website behind cloudflare you get SSL for free or you can use LetsEncrypt or a free CA. LiquidSkys heart is in the right place but there implementation isn't.


#7

Well, I saw that the main LS site itself has proper SSL from a trusted CA, DigiCert. Surprised that they didn't get one for the forum.


#8

SSL is unreliable and easily crackable. I have done it myself through a testing environment. All someone has to do is to take your SSL certificate number and get the public key off the site which all are the same and just match them together to steal their account and everything. Having SSL really isn't really needed here. The best thing you can do is use a password manager like last pass for using weird and messed up password that are saved so that they are very hard to get.


#9

I hope you understand, without TLS, RAW login details are being sent over plain text, meaning anyone on your network could intercept the packets and get your details easily. TLS is a must.


#10

This is true and that is why I use last pass and I don't have any other pawwords matching it so if they havk my account; I can get my account back via support and put a another messed up password on it. I highly recommend last pass and best of all it is free. Syncing with other PCs and Such is free just recently. You do NOT need to pay for Last Pass and it is a waste to pay for it. I use the free version and have no need for any of the paid features.

EDIT I tried logging out and logging back in but fortunitly the forums use cookies which would have to be stolen off your computer which I think even Windows 10 would block such intrusions. If you try logging off and back on; you will notice that it puts you back onto your account.


#11

Wow just wow....
I mean... wow...


#12

Again:) Amazing.... I am speechless... I've been reading a lot of your replies... Sometimes it is better to just not talk dude.


#13

Sorry but as far as I can tell most of my posts are beneficial and I give idea that do fix things. I have ran my own website with software that I paid $265 for forum software and configured everything. A lot of posts by me help users. You are not going to stop me from talking so if you don't like my posts; then you are in no way of being forced to read them. You can scroll right past them if you want to. I have A LOT of hearted things and have created guides that help users that usually get good feedback. Have a nice day sir.


#14

I don't want to get into arguments with you. Just take the advice if you like. Or don't.
If you feel like reading a bit I recommend this really good article on encryption and why it is super importan (just google the question:)):
https://www.linkedin.com/pulse/importance-advantages-ssl-certificates-jay-jones


#15

You asked... and you received :slight_smile:

-Jared


#16

I have done ssl hacking with the permission of the host and it involves a public key which the site gives to the user's browser and assigns them a private key to the user logging in only. If you can get a hold of the private key which I am not going to mention how to get it but if you have their private key, you just match it with the site's public key; you can get the user's details from using those two keys. What happens is your private key contains the encryption you need so the site can decrypt it and see your details and let you proceed to log on. If you have both keys you can basically do whatever the hell you want. These are frequently called "certificates" so sorry if I confused you by saying keys by which I am trying to say certificate. Also don't rely on Wikipedia because regular users can go on there and edit anything. I NEVER use wikipedia as a source of data because I have found incorrect info on it. I am 25 and in highschool we were not allowed to even use Wikipedia as a source for our projects. I am not even bother with someone who seriously uses Wikipedia as a source. That is one of the biggest mistakes you can make in an argument.


#17

Good work guys. Thank you :slight_smile:


#18

Thanks @JbeezeLS! Now I feel a bit more safe!


#19

TLSv1.x is more secure than SSL itself.
LS would probably have some sense to actually use secure encryption methods. SSL =! TLS (Even though they're still called SSL certs)


#20

@WDSnav91 So you basically break the encryption by using the private key! Interesting. What else can you do if you have the private key? Does the FBI know about this? They might be interested in your methods.