SSL
Moderators: carlson1, Keith B, Charles L. Cotton
- Charles L. Cotton
- Site Admin
- Posts: 17788
- Joined: Wed Dec 22, 2004 9:31 pm
- Location: Friendswood, TX
- Contact:
Re: SSL
tbrown wrote: Does anybody else have trouble using the https version of the forum? It tells me the certificate is invalid.
There is no SSL on the Forum since it doesn't take data. If you are using the latest Firefox, it has what Mozilla calls a "feature," that is actually a pain! I just deactivated mine last Friday.
Chas.
Re: SSL
In the web industry (from which I am retired), it is considered a best practice to use a secure connection for all login pages, as someone with a network sniffer could get passwords, log in, and leave a lot of spam messages with links. Not a danger, but hours of time to delete, change credentials, etc.
In addition, many SEO professionals believe that Google gives more weight to sites using a certificate, which improves their rankings.
If you accidentally use https to address a website that does not use a certificate, you will actually hit the server default certificate, which is self-signed. That encryption is valid, but since the Authority is invalid, you will get a security warning.
It is now considered a smart practice to secure all pages on all sites with a certificate, just to avoid all the problems, and potentially improve search engine rankings.
S
Texas LTC Instructor / RSO / SSC
Viet Nam Veteran: 25th Infantry, Cu Chi
https://mckinneyfirearmstraining.com
- uthornsfan
- Senior Member
- Posts: 490
- Joined: Sun Jan 30, 2011 11:13 pm
- Location: Austin, TX
Re: SSL
Chas,
It is fairly important that the site uses SSL. If anyone sends their password and the site doesn't default to SSL those passwords can get intercepted in plain text.
The industry is moving toward every site needing/requiring SSL.
- tx mountaineer
- Member
- Posts: 50
- Joined: Fri Jan 29, 2010 10:52 pm
- Location: Clear Lake
Re: SSL
tbrown wrote: Does anybody else have trouble using the https version of the forum? It tells me the certificate is invalid.
Charles L. Cotton wrote: There is no SSL on the Forum since it doesn't take data. If you are using the latest Firefox, it has what Mozilla calls a "feature," that is actually a pain! I just deactivated mine last Friday.
Chas.

Re: SSL
No cert also means there is no way to ensure you are where you think you are. It is not hard to spoof a website like this and inject a bad link via an XSS attack. Every login page should be secured with SSL. Most users do not use unique credentials for each website, which means their credentials are in jeopardy every time they log in.
Certs are good. As long as they aren't from Symantec or any of their sub-CAs.
Re: SSL
+1.
I understand why SSL is a pain, but for that effort there are benefits. On the other hand, I'm not complaining as I'm not the one going to the trouble of hosting a really good forum. And I really like the emojis.
4/13/1996 Completed CHL Class, 4/16/1996 Fingerprints, Affidavits, and Application Mailed, 10/4/1996 Received CHL, renewed 1998, 2002, 2006, 2011, 2016...).   "ATF... Uhhh...heh...heh....Alcohol, tobacco, and GUNS!!  Cool!!!!"
			
Re: SSL
cyphur wrote: No cert also means there is no way to ensure you are where you think you are. It is not hard to spoof a website like this and inject a bad link via an XSS attack. Every login page should be secured with SSL. Most users do not use unique credentials for each website, which means their credentials are in jeopardy every time they log in. Certs are good. As long as they aren't from Symantec or any of their sub-CAs.
Just changed my password to a totally unique one. Hopefully I can remember it next time I want to log on.
LTC since 2015
I have contacted my state legislators urging support of Constitutional Carry Legislation HB 1927
Re: SSL
cyphur wrote: No cert also means there is no way to ensure you are where you think you are. It is not hard to spoof a website like this and inject a bad link via an XSS attack. Every login page should be secured with SSL. Most users do not use unique credentials for each website, which means their credentials are in jeopardy every time they log in. Certs are good. As long as they aren't from Symantec or any of their sub-CAs.
allisji wrote: Just changed my password to a totally unique one. Hopefully I can remember it next time I want to log on.
Look into a password manager like LastPass. Problem solved.
- The Annoyed Man
- Senior Member
- Posts: 26906
- Joined: Wed Jan 16, 2008 12:59 pm
- Location: North Richland Hills, Texas
- Contact:
Re: SSL
cyphur wrote: No cert also means there is no way to ensure you are where you think you are. It is not hard to spoof a website like this and inject a bad link via an XSS attack. Every login page should be secured with SSL. Most users do not use unique credentials for each website, which means their credentials are in jeopardy every time they log in. Certs are good. As long as they aren't from Symantec or any of their sub-CAs.
allisji wrote: Just changed my password to a totally unique one. Hopefully I can remember it next time I want to log on.
cyphur wrote: Look into a password manager like LastPass. Problem solved.
Love LastPass.
“Hard times create strong men. Strong men create good times. Good times create weak men. And, weak men create hard times.”
― G. Michael Hopf, "Those Who Remain"
#TINVOWOOT
Re: SSL
I'm a RoboForm man myself. It's seemingly more secure because it's not as popular, but it doesn't support 2FA.
I vote that the admins enable SSL on this website. Granted I'm good enough to use a unique super random password for this site, not everyone does. Regardless, cost shouldn't be considered an issue thanks to https://letsencrypt.org/
Re: SSL
uthornsfan wrote: Chas, It is fairly important that the site uses SSL. If anyone sends their password and the site doesn't default to SSL those passwords can get intercepted in plain text. The industry is moving toward every site needing/requiring SSL.
I ran Wireshark just to see what was going on. Logged into TexasCHLForum and sure enough, there was my password in plain text. Now the password I use here is completely unique and never used anywhere else.
Re: SSL
Enabling SSL is not as simple as clicking a button.  There are several steps, and it requires a dedicated IP, which may not be part of their hosting deal. The forum probably uses an IP shared with dozens of other websites. Also, if every graphic is not addressed by https, browsers will throw "mixed content" errors.
S
Texas LTC Instructor / RSO / SSC
Viet Nam Veteran: 25th Infantry, Cu Chi
https://mckinneyfirearmstraining.com
			