Georgia Firearm Forums - Georgia Packing banner
1 - 17 of 17 Posts

·
Registered
Joined
·
453 Posts
Discussion Starter · #1 ·
Has there been any talk in configure the apache server to allow https connections to georgiapacking.org?

I prefer to use https over http for security reasons.

I think we can get by without buying a ssl certificate. I don't care if it says untrusted.
 

·
Premium Member
Joined
·
8,460 Posts
No one has ever asked for the forum to have secure access before...

It looks like all I sould have to do is point it to the correct directory, I will see if I can do that sometime soon.
 

·
Registered
Joined
·
10,809 Posts
I guess there would be value in logging in or entering personal registration information via SSL, but we definitely wouldn't want it for viewing or authoring threads - SSL presents an unnecessary load for what is already publically viewable.
 

·
Premium Member
Joined
·
8,460 Posts
RedDawnTheMusical said:
I guess there would be value in logging in or entering personal registration information via SSL, but we definitely wouldn't want it for viewing or authoring threads - SSL presents an unnecessary load for what is already publically viewable.
I am not going to force the forum to be secure (not touching the forum config). I am just going to point the https: to here and see what happens. Hopefully the forum will process the secure address just as it does this one. If it doesn't, oh well. I won't know until I try it.
 

·
Premium Member
Joined
·
8,460 Posts
groats said:
I want to know how this would help.
I can see https for sending credit card info and such, you don't want people 'in between" you and, say, Cabela's, to see the CC#.

But how would it help here? People could still read your posts, right?
Not much. Some people don't like anyone possibly getting their username and password. Another thing would be if you are unsure about what route your information might take when posting, then a secure connection would make sure no one is snooping (WiFi, library, work).

Reading would not be affected. Unless you are reading the secure side and you may get security alerts that say something like: some items on this page are insecure, do you want to show them?" Usually it is off-site hosted pictures/images.
 

·
Registered
Joined
·
453 Posts
Discussion Starter · #7 ·
Yeah if you can just get the https: to route to the same directly it should be fine.

I was not trying to imply making it mandatory for a users. Just having it as an option.

My desire is just to make it little harder for people to easy drop on my traffic.

A side note. There is a Firefox Extension that tries to use https by default.

http://www.eff.org/deeplinks/2010/06/encrypt-web-https-everywhere-firefox-extension
 

·
Registered
Joined
·
1,182 Posts

·
Registered
Joined
·
1,190 Posts
SSL is also very useful from preventing session assumption attacks on wireless networks. This is where the attacker sees your session id cookie, copies it, and then accesses the website logged into your account :evil:
 

·
Premium Member
Joined
·
8,460 Posts
Suburbbus said:
My bar up top is still showing "http". I logged out and back in. Should it not show "https" now?
Only if you put a "s" after "http". Like I said up a little bit, I am not changing the way the forum normally works, you have to manually change it to https (by inserting the s) if you want the site to be secure.
 

·
Registered
Joined
·
1,021 Posts
If you haven't already heard about this, then do a little reading on the "Firesheep" plugin for the Firefox browser. It basically automates the session hijacking on a public wireless network so that any one with no hacking knowledge can do it...

http://techcrunch.com/2010/10/24/firesh ... ts-easily/

Https access to a website while you're on a public network (think starbucks wi-fi or similar) prevents this hack from working.

Cliffhanger
 

·
Registered
Joined
·
10,809 Posts
Public WiFi that doesn't secure sessions with WPA should never be used, unless you're making a VPN connection immediately afterwards with all traffic flowing through the VPN connection. It is very easy to sniff traffic and get all sorts of information with unsecured WiFi. For example, SMTP/POP3 e-mail passwords and user IDs are typically sent as clear text, making it very easy for a hacker to get access to lots of e-mail accounts from public WiFi access without anyone's knowledge.
 

·
Registered
Joined
·
453 Posts
Discussion Starter · #17 ·
GunStar I bet you have a fun week in changing servers.

When you get some time would it be possible to repoint https request to the web site directory?

It looks like it is not working
 
1 - 17 of 17 Posts
Top