Jump to content
Due to a large amount of spamers, accounts will now have to be approved by the Admins so please be patient. ×
IGNORED

Forum Updates


Recommended Posts

  • 3 weeks later...
I don't think having HTTPS ensures your site wont get hacked anyway.

 

It will only encrypt traffic between the browser and the server. It does not affect how data is stored at either end. eg. you could submit you password via HTTPS and it'd be encrypted during transit to the server, but that wouldn't stop the server then storing it as a plain text record somewhere.

 

HTTPS does mean certificates, which means that there's some authentication of the server end for the client (if anyone ever looks at the certificates). It also means that devices like corporate firewalls or malware cannot undetectably monitor or modify the traffic as the certificates must be changed. It does mean browsers will treat scripts loaded by pages differently (ie scripts must be loaded over https).

 

Google is pushing pretty hard for everyone to move to HTTPS, including publishing that they treat HTTPS sites better in search results (they don't normally discus what ranks well).

 

Given the low cost of certificates these days (starting at free), the general speed of webservers meaning the additional overheads of encryption are minimal, I think the benefits outweigh the negatives.

Link to comment
Share on other sites

  • Administrators
It will only encrypt traffic between the browser and the server. It does not affect how data is stored at either end. eg. you could submit you password via HTTPS and it'd be encrypted during transit to the server, but that wouldn't stop the server then storing it as a plain text record somewhere.

 

HTTPS does mean certificates, which means that there's some authentication of the server end for the client (if anyone ever looks at the certificates). It also means that devices like corporate firewalls or malware cannot undetectably monitor or modify the traffic as the certificates must be changed. It does mean browsers will treat scripts loaded by pages differently (ie scripts must be loaded over https).

 

Google is pushing pretty hard for everyone to move to HTTPS, including publishing that they treat HTTPS sites better in search results (they don't normally discus what ranks well).

 

Given the low cost of certificates these days (starting at free), the general speed of webservers meaning the additional overheads of encryption are minimal, I think the benefits outweigh the negatives.

 

Its the time it takes to implement that's the problem on old forum software like this. I've looked at alternative software like Xenforo however I found out things like subscriptions don't get imported which means manually doing it which again means time.

Link to comment
Share on other sites

Its the time it takes to implement that's the problem on old forum software like this. I've looked at alternative software like Xenforo however I found out things like subscriptions don't get imported which means manually doing it which again means time.

 

Depending on what platform you're running on, it shouldn't require any changes to the bulletin board software at all. Last one I shunted to https was an apache site which took about 15 minutes. Ran it in parallel on port 443 with the normal site on port 80 for a week or too to test, then put the permanent redirect from 80 to 443 in later.

 

Even if it's not doable directly, it might be doable as a reverse proxy?

Link to comment
Share on other sites

  • Administrators
Depending on what platform you're running on, it shouldn't require any changes to the bulletin board software at all. Last one I shunted to https was an apache site which took about 15 minutes. Ran it in parallel on port 443 with the normal site on port 80 for a week or too to test, then put the permanent redirect from 80 to 443 in later.

 

Even if it's not doable directly, it might be doable as a reverse proxy?

 

It is doable its just not high priority right now. I've discussed this with @Brad 6 months ago and is something that will eventually get implemented in the near future.

Link to comment
Share on other sites

It is doable its just not high priority right now. I've discussed this with @Brad 6 months ago and is something that will eventually get implemented in the near future.

 

Totally understand. There's probably not a huge amount of benefit to be had here until Google start changing their icon for every HTTP site to a big red "INSECURE" icon. Similarly, I have loads of stuff on my back burner that I'll get to once I get time or it becomes important enough. I often say that once it's on the to-do list it does get done, though possibly not before my wife buys me this:

 

if_a_man_says_he_will_fix_it_coffee_mug-r915c3625e6e94fb0bf65193a6b350b95_x7jgr_8byvr_540.jpg

Link to comment
Share on other sites

  • 1 year later...
  • Administrators
Forum updated to 4.2.5 and seems to be running nice and quick with PHP 7.0

Currently rebuilding the search engine so keep this in mind if you have issues searching the site.

 

Nice work. I know what a pain in the arse it is =(

 

Brad

Link to comment
Share on other sites

  • Administrators
Nice work. I know what a pain in the arse it is =(

 

Brad

 

Yeah one of the plugins is giving me an error when I try to access the Admin panel when using PHP 7.1 so for now I've set it to 7.0 until the search engine finishes rebuilding, I'll continue looking into it after that.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...