https for georgiapacking.org

Discussion in 'Website & Forum Suggestions' started by XD9SC, Oct 7, 2010.

  1. XD9SC

    XD9SC New Member

    453
    0
    0
    Has there been any talk in configure the apache server to allow https connections to georgiapacking.org?

    I prefer to use https over http for security reasons.

    I think we can get by without buying a ssl certificate. I don't care if it says untrusted.
     
  2. Gunstar1

    Gunstar1 Administrator

    8,460
    5
    38
    No one has ever asked for the forum to have secure access before...

    It looks like all I sould have to do is point it to the correct directory, I will see if I can do that sometime soon.
     

  3. RedDawnTheMusical

    RedDawnTheMusical Well-Known Member

    10,783
    312
    83
    I guess there would be value in logging in or entering personal registration information via SSL, but we definitely wouldn't want it for viewing or authoring threads - SSL presents an unnecessary load for what is already publically viewable.
     
  4. groats

    groats New Member

    2,568
    0
    0
    I want to know how this would help.
    I can see https for sending credit card info and such, you don't want people 'in between" you and, say, Cabela's, to see the CC#.

    But how would it help here? People could still read your posts, right?
     
  5. Gunstar1

    Gunstar1 Administrator

    8,460
    5
    38
    I am not going to force the forum to be secure (not touching the forum config). I am just going to point the https: to here and see what happens. Hopefully the forum will process the secure address just as it does this one. If it doesn't, oh well. I won't know until I try it.
     
  6. Gunstar1

    Gunstar1 Administrator

    8,460
    5
    38
    Not much. Some people don't like anyone possibly getting their username and password. Another thing would be if you are unsure about what route your information might take when posting, then a secure connection would make sure no one is snooping (WiFi, library, work).

    Reading would not be affected. Unless you are reading the secure side and you may get security alerts that say something like: some items on this page are insecure, do you want to show them?" Usually it is off-site hosted pictures/images.
     
  7. XD9SC

    XD9SC New Member

    453
    0
    0
    Yeah if you can just get the https: to route to the same directly it should be fine.

    I was not trying to imply making it mandatory for a users. Just having it as an option.

    My desire is just to make it little harder for people to easy drop on my traffic.

    A side note. There is a Firefox Extension that tries to use https by default.

    http://www.eff.org/deeplinks/2010/06/encrypt-web-https-everywhere-firefox-extension
     
  8. Puffyfish

    Puffyfish New Member

    1,182
    0
    0
    Excellent! Thanks for posting that. :D :D :D
     
  9. frankr

    frankr Active Member

    1,122
    0
    36
    SSL is also very useful from preventing session assumption attacks on wireless networks. This is where the attacker sees your session id cookie, copies it, and then accesses the website logged into your account :evil:
     
  10. Gunstar1

    Gunstar1 Administrator

    8,460
    5
    38
    Https is up and running under a self signed certificate.

    Posting is not a problem.
     
  11. XD9SC

    XD9SC New Member

    453
    0
    0
    It is working for me. Thanks

    What did you end having to do? Just tell https://georgiapacking.org to point to the website directory.
     
  12. Gunstar1

    Gunstar1 Administrator

    8,460
    5
    38
    That was it.
     
  13. Suburbbus

    Suburbbus Well-Known Member

    2,080
    29
    48
    My bar up top is still showing "http". I logged out and back in. Should it not show "https" now?
     
  14. Gunstar1

    Gunstar1 Administrator

    8,460
    5
    38
    Only if you put a "s" after "http". Like I said up a little bit, I am not changing the way the forum normally works, you have to manually change it to https (by inserting the s) if you want the site to be secure.
     
  15. cliffhanger

    cliffhanger Active Member

    1,021
    0
    36
    If you haven't already heard about this, then do a little reading on the "Firesheep" plugin for the Firefox browser. It basically automates the session hijacking on a public wireless network so that any one with no hacking knowledge can do it...

    http://techcrunch.com/2010/10/24/firesh ... ts-easily/

    Https access to a website while you're on a public network (think starbucks wi-fi or similar) prevents this hack from working.

    Cliffhanger
     
  16. RedDawnTheMusical

    RedDawnTheMusical Well-Known Member

    10,783
    312
    83
    Public WiFi that doesn't secure sessions with WPA should never be used, unless you're making a VPN connection immediately afterwards with all traffic flowing through the VPN connection. It is very easy to sniff traffic and get all sorts of information with unsecured WiFi. For example, SMTP/POP3 e-mail passwords and user IDs are typically sent as clear text, making it very easy for a hacker to get access to lots of e-mail accounts from public WiFi access without anyone's knowledge.
     
  17. XD9SC

    XD9SC New Member

    453
    0
    0
    GunStar I bet you have a fun week in changing servers.

    When you get some time would it be possible to repoint https request to the web site directory?

    It looks like it is not working