08 September 2019, 09:37 | #1 |
Registered User
Join Date: Sep 2019
Location: Veenendaal, Netherlands
Posts: 2
|
Why is https:// not supported here?
Good day. I realised this site is not on HTTPS. This makes it vulnerable to snooping and session hi-jacking, and obvious easy targets for spammers and hackers.
Sure, a total lack of encryption does feel very retro But it's really not a wise thing these days. Certificates were costly, but today, they can be gotten, for free, from letsencrypt.org. (I am not affiliated with Let's Encrypt -- I just want to be able to use the web securely.) Right now, everything is sent in clear text. A lot of people tend to reuse the same password on different sites. People unaware of this security hole need to be informed, and need to consider all their other accounts compromised until they have reset all their passwords. Last edited by hugo_nl; 08 September 2019 at 09:38. Reason: Typo |
08 September 2019, 15:00 | #2 |
Coder/webmaster/gamer
Join Date: Oct 2001
Location: Canberra/Australia
Posts: 2,682
|
It's hardly a "security hole" just because a site uses normal HTTP.
HTTPS was designed for banking and similar uses, it was never intended for it to be used on every site. And it causes site compatibility problems with a lot of browsers. |
08 September 2019, 15:26 | #3 | |
Unregistered User
Join Date: Sep 2012
Location: Copenhagen / DK
Age: 44
Posts: 4,190
|
Quote:
Blocking plain HTTP access altogether would not be nice on a site like this as it is still useful to be able to access with Amigabrowsers etc. that cannot handle SSL, but that doesn't exclude that there could be a HTTPS version for whenever you're on a PC. |
|
08 September 2019, 15:36 | #4 | |
Coder/webmaster/gamer
Join Date: Oct 2001
Location: Canberra/Australia
Posts: 2,682
|
Quote:
|
|
08 September 2019, 19:10 | #5 |
Amigan
Join Date: Feb 2012
Location: London
Posts: 1,317
|
Everyone here posts using their Amiga.
Have you used SSL on an 68060? It's not great |
08 September 2019, 20:39 | #6 |
Ex nihilo nihil
Join Date: Oct 2017
Location: CH
Posts: 5,057
|
|
09 September 2019, 10:50 | #7 |
Registered User
Join Date: Sep 2018
Location: California
Posts: 361
|
Supporting https doesn’t mean you have to force https. It’s possible to maintain access via http.
|
09 September 2019, 17:16 | #8 |
Registered User
|
|
09 September 2019, 18:18 | #9 |
Registered User
Join Date: Oct 2009
Location: Germany
Posts: 3,310
|
Because Google can track you better if https is used. :P
|
25 September 2019, 10:13 | #10 |
cheeky scoundrel
Join Date: Nov 2004
Location: Spijkenisse/Netherlands
Age: 43
Posts: 6,978
|
Even though it is a good idea to support (but not necessarily force) HTTPS in a site, let's not kid ourselves that HTTPS makes browsing secure. It's the best effortless fix that can be done, it's not a solution.
Push comes to shove, data is only encrypted when going over the line. It's not encrypted at the source and the destination. So there are still plenty of points of attack to get to the unencrypted data. |
25 September 2019, 14:39 | #11 |
Moderator
Join Date: Nov 2004
Location: Eksjö / Sweden
Posts: 5,660
|
https doesn't matter for pages that don't pass credentials over the connection.
If a website has a user login, it should be over a secure connection. Some phpBB versions, even old ones, do have login on a separate https page. If there's a setting for such in this version, it would be good to turn it on. |
25 September 2019, 14:55 | #12 | |
It's coming back!
Join Date: Jul 2018
Location: comp.sys.amiga
Posts: 762
|
Quote:
|
|
10 October 2019, 21:03 | #13 |
Registered User
Join Date: Jul 2018
Location: Braunschweig / Germany
Posts: 62
|
Please dont lock out my amigas.
With my 060 A4000 it would be just even possible to go for https ....if i invest in a propper phase 5 turbo board or so wich contains propper fastram. But my A2000 would be locked out completely of EAB until i get a very Rare Turbo board. Asking if EAB should go over SSL is a bit like asking if aminet.net should be encrypted as well. I hope this stays open. Posted from my 4000 |
11 October 2019, 02:04 | #14 |
Moon 1969 = amiga 1985
Join Date: Apr 2007
Location: belgium
Age: 48
Posts: 3,914
|
You can keep http and https together than it won't block your amiga 4000.
But i don't see the point to make eab https...Perhaps someone could give good reasons but myself i can't. But i could be wrong. |
11 October 2019, 15:19 | #15 |
Shameless recidivist
Join Date: Jun 2012
Location: Duluth, Minnesota (USA)
Age: 38
Posts: 266
|
|
13 October 2019, 06:23 | #16 | ||
Registered User
Join Date: Feb 2007
Location: Melbourne, Australia
Age: 41
Posts: 3,773
|
Quote:
Quote:
|
||
13 October 2019, 07:32 | #17 |
The Old Fart!
Join Date: Oct 2019
Location: Last Seen In Purgatory!
Age: 57
Posts: 122
|
|
13 October 2019, 08:35 | #18 | |
Unregistered User
Join Date: Sep 2012
Location: Copenhagen / DK
Age: 44
Posts: 4,190
|
Quote:
Do you lock the door to your house when you're out? You know that thieves can get in anyway if they really want to? |
|
13 October 2019, 21:56 | #19 | |
The Old Fart!
Join Date: Oct 2019
Location: Last Seen In Purgatory!
Age: 57
Posts: 122
|
Quote:
Well lets see to day i could have been dead but a random choice saved my life, for real this is NOT a joke. No a few times i have left my door open / unlocked and a few windows besides few times chosen to do so and other times just plain for got to lock the damn door. Its also like people with bad passwords on the phone / computer / wifi etc, etc. don't take much if you or somebody else wanted to get in and have a good look round, This is why every password i have ever used is kinda like a MD5 checksum, not enough time in one human life time to crack that kinda password. And its not as if people have Quantum computers laying around.So some things are 99.98% secure. As long as you don't leave then writen down on paper in plain view for strangers to see. And what ever you do, Do NOT use password thingys in your browser dumbest thing to do these days. |
|
14 October 2019, 04:17 | #20 |
The Old Fart!
Join Date: Oct 2019
Location: Last Seen In Purgatory!
Age: 57
Posts: 122
|
PS: forgot to say that i will be going away on the 19th so no forum spam from me untill a later date.
Tell you what tho want my address, will put the kettle on just sa i leave the house backdoor and front door will be left unlocked and all windows in the house will be open so its nice and fresh when you arrive, fresh milk in the fridge, plenty of cookies in the jar next to the microwave oven, Knock your self out play some games on the PC's and or take your pick of the consoles. WE have really nice interweb speed as well so yeah have fun and stay a while... |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
Thread Tools | |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
HTTPS Downgrader - surf the web with your amiga again! | Cego | support.Apps | 0 | 07 January 2019 06:50 |
iBrowse and HTTPS sites? | stu232 | support.Apps | 4 | 23 November 2014 19:54 |
ACATune not supported | Retrofan | support.Other | 3 | 03 September 2012 01:24 |
games that need to be supported | dlfrsilver | Games images which need to be WHDified | 0 | 08 January 2006 01:25 |
|
|