Please enable secure connections (HTTPS)

Posted: 09 May 2016 20:22
by candre23
More of an issue for donations than the forums, but HTTPS is still good practice all around. I was all set to make a donation before I got a warning about the insecure connection. I tried to go to https://truewow.org, and it's not even enabled.

Re: Please enable secure connections (HTTPS)

Posted: 09 May 2016 20:36
by Roel
candre23 wrote: More of an issue for donations than the forums, but HTTPS is still good practice all around. I was all set to make a donation before I got a warning about the insecure connection. I tried to go to https://truewow.org, and it's not even enabled.
The donate application is an external website in an iframe. It can be opened in a separate window and uses HTTPS.

Re: Please enable secure connections (HTTPS)

Posted: 15 Jun 2016 11:53
by skavn
I am also concerned about this. Is there any reason not to use HTTPS?

Speed shouldn't be a problem nowadays and credentials are transmitted in plaintext atm. Makes me cringe every time I log in.

I don't know how much SSL certificates cost, but it shouldn't be much compared to overall server cost. Correct me if I'm wrong.

Re: Please enable secure connections (HTTPS)

Posted: 15 Jun 2016 12:34
by Eronox
Some browsers don't support SSL along with some specific scripts that are running in the background to achieve the maximum user experience on a website. HTTPS SSL may also decrease performance, especially when users are downloading large files. This is because of the amount of data that has to be decrypted. Also, for usability, you will probably want the home page accessible via HTTP, so that users don't have to remember to type https to get to it.


The donation page is running HTTPS, and you can see that at the URL bar once you get to the page where you are to enter your credentials.

Re: Please enable secure connections (HTTPS)

Posted: 15 Jun 2016 13:00
by skavn
I was not talking about the donation credentials, but the forum login.
To answer your concerns:
  1. All modern web browsers have supported SSL/TLS for quite a while...
  2. HTTPS WILL decrease performance, that is of no doubt. But it shouldn't be severe.
  3. Downloads should not be encrypted. There is no point anyway.
  4. Enabling HTTPS does not automatically disable HTTP access. Both can be possible, though a default redirect to HTTPS would be desirable.
HTTPS can usually be enabled/disabled easily so it could be tested to see if performance is a problem. And disabled again if other services suffer.

Another option would be the partial encryption of the login dialog. But that's not as easy.

Re: Please enable secure connections (HTTPS)

Posted: 15 Jun 2016 14:25
by skavn
I did some research and there's now free and easy-to-set-up HTTPS. o_0

Check out: https://en.wikipedia.org/wiki/Let%27s_Encrypt
And: https://letsencrypt.org/getting-started/

Why not give it a try?