Please enable secure connections (HTTPS)

Discussions, suggestions and error reports for the forums and website.
candre23
Donor
Posts: 87
Joined: 12 Apr 2016 19:06

Please enable secure connections (HTTPS)

#1 » Post by candre23 » 09 May 2016 20:22

More of an issue for donations than the forums, but HTTPS is still good practice all around. I was all set to make a donation before I got a warning about the insecure connection. I tried to go to https://truewow.org, and it's not even enabled.

Roel
Founder
Posts: 6485
Joined: 17 May 2010 14:51
Location: Planet Earth

Re: Please enable secure connections (HTTPS)

#2 » Post by Roel » 09 May 2016 20:36

candre23 wrote: More of an issue for donations than the forums, but HTTPS is still good practice all around. I was all set to make a donation before I got a warning about the insecure connection. I tried to go to https://truewow.org, and it's not even enabled.

The donate application is an external website in an iframe. It can be opened in a separate window and uses HTTPS.

skavn
Posts: 4
Joined: 17 Mar 2015 18:48

Re: Please enable secure connections (HTTPS)

#3 » Post by skavn » 15 Jun 2016 11:53

I am also concerned about this. Is there any reason not to use HTTPS?

Speed shouldn't be a problem nowadays and credentials are transmitted in plaintext atm. Makes me cringe every time I log in.

I don't know how much SSL certificates cost, but it shouldn't be much compared to overall server cost. Correct me if I'm wrong.

Eronox
MVP
Posts: 2331
Joined: 24 Apr 2016 11:03
Location: in ICC & Healing

Re: Please enable secure connections (HTTPS)

#4 » Post by Eronox » 15 Jun 2016 12:34

Some browsers don't support SSL, along with some specific scripts that are running in the background to achieve the maximum user experience on a website. HTTPS SSL may also decrease performance, especially when users are downloading large files. This is because of the amount of data that has to be decrypted. Also, for usability, you will probably want the home page accessible via HTTP, so that users don't have to remember to type https to get to it.


The donation page is running HTTPS, and you can see that at the URL bar once you get to the page where you are to enter your credentials.

There's things that never will be right I know, and things need changin' everywhere you go.
But 'til we start to make a move to make a few things right,
You'll never see me wear a suit of white.

- J.R Cash


skavn
Posts: 4
Joined: 17 Mar 2015 18:48

Re: Please enable secure connections (HTTPS)

#5 » Post by skavn » 15 Jun 2016 13:00

I was not talking about the donation credentials, but the forum login.
To answer your concerns:
  1. All modern web browsers have supported SSL/TLS for quite a while...
  2. HTTPS WILL decrease performance, that is of no doubt. But it shouldn't be severe.
  3. Downloads should not be encrypted. There is no point anyway.
  4. Enabling HTTPS does not automatically disable HTTP access. Both can be possible, though a default redirect to HTTPS would be desirable.
HTTPS can usually be enabled/disabled easily so it could be tested to see if performance is a problem. And disabled again if other services suffer.

Another option would be the partial encryption of the login dialog. But that's not as easy.

skavn
Posts: 4
Joined: 17 Mar 2015 18:48

Re: Please enable secure connections (HTTPS)

#6 » Post by skavn » 15 Jun 2016 14:25

I did some research and there's now free and easy-to-set-up HTTPS. o_0

Check out: https://en.wikipedia.org/wiki/Let%27s_Encrypt
And: https://letsencrypt.org/getting-started/

Why not give it a try?
