Why don't we have https?

If your problem doesn't fall within the three sub-categories, please use the Feedback Forum above
Post Reply
wix
01
Posts: 18
Joined: Fri Jan 05, 2018 1:37 pm

Why don't we have https?

Post by wix »

I don't know if this issue has been raised before (couldn't find it by searching), but is there a reason why the forum is not using https? Every time I log in, Firefox reminds me that this is an insecure site and I shouldn't be giving it my account details. I think most modern web browsers do this.

It seems, at least to me, that there really is no reason for any website to not be secure in 2017 2018 even, especially a forum with a login function.

Here are a few reasons I found to use https:
  • It stops account hijacking by people who snoop on network traffic. (Roommate, Coffee shop...)
  • It provides some privacy in that the contents of posts are hidden. (Mainly applicable for people in countries that restrict free speech.)
  • It prevents ISPs or anyone else from tampering with the webpage and inserting ads.
  • It removes a barrier for anyone who might have wanted to make an account, but their browser gave them a warning. (Yeah, I'm serious about this one.)
I don't know exactly how difficult it is to convert a phpBB forum to use https, but it's certainly possible (maybe even pretty easy). Also, certificates are cheap apparently free now with Let's Encrypt.

I don't mean to come across as harsh, but it feels like a bit of a disservice and a clear improvement to make. What do you all think?
User avatar
takenoko
Team Baron
Team Baron
Posts: 36659
Joined: Mon Dec 10, 2007 8:33 pm
Gender: Toast
Favorite series: All of them
Alignment: Neutral
My boom: stick
Quote: <Lunagel> That's Toei's dumb fault
Type: ISFJ Protector
Location: Yami ni umare, yami ni kisu
Contact:

Re: Why don't we have https?

Post by takenoko »

Honestly don't know. I'd have to ask our tech guy.
User avatar
XIII
The Conspiracy
Posts: 5511
Joined: Tue Dec 18, 2007 12:10 pm
Favorite series: Garo
2nd Favorite Series: KR Faiz - Kab
Alignment: Chaotic Evil
My boom: Devil Z
Location: UK

Re: Why don't we have https?

Post by XIII »

SSL certs are not cheap. While there is Lets Encrypt, it can be tricky to get it working on an automated basis as those certs are only valid for 3 months.

Just depends how much work you want to put into it verses the cost of simple solutions.
Live for the Moment, for the Moment is Eternal!
wix
01
Posts: 18
Joined: Fri Jan 05, 2018 1:37 pm

Re: Why don't we have https?

Post by wix »

Sure, it depends on how much work you put in, but I think it is an important feature.

I spent a couple of hours yesterday replacing my self-signed certs with Lets Encrypt for a personal site and it wasn't a huge task. Admittedly, I don't know if the timer job I set up works yet, but you can always set it to a few days early to allow some time to check it.

Can you give it a shot? I don't know what your system is, but as long as the http service is untouched by the changes, the forum should still be in business. I might be talking out of my ass here, though.

I'd be more than happy to assist with troubleshooting/testing if you want.
Post Reply

Return to “Tech Support”