Please enable secure connections (HTTPS)
Please enable secure connections (HTTPS)
More of an issue for donations than the forums, but HTTPS is still good practice all around. I was all set to make a donation before I got a warning about the insecure connection. I tried to go to https://truewow.org, and it's not even enabled.
Re: Please enable secure connections (HTTPS)
The donate application is an external website in an iframe. It can be opened in a separate window and uses HTTPS.candre23 wrote:More of an issue for donations than the forums, but HTTPS is still good practice all around. I was all set to make a donation before I got a warning about the insecure connection. I tried to go to https://truewow.org, and it's not even enabled.
Re: Please enable secure connections (HTTPS)
I am also concerned about this. Is there any reason not to use HTTPS?
Speed shouldn't be a problem nowadays and credentials are transmitted in plaintext atm. Makes me cringe everytime I login.
I don't know how much SSL certificates cost, but it shouldn't be much compared to overall server cost. Correct me if I'm wrong.
Speed shouldn't be a problem nowadays and credentials are transmitted in plaintext atm. Makes me cringe everytime I login.
I don't know how much SSL certificates cost, but it shouldn't be much compared to overall server cost. Correct me if I'm wrong.
Re: Please enable secure connections (HTTPS)
Some browsers doesn't support SSL along with some specific scripts who is running in the background to achieve the maximum user experience on a website. HTTPS SSL may also decrease performance, specially when users are downloading large files. This is because of the amount data who has to be decrypt. Also, for userability, You will probably want the home page accessible via HTTP, so that users don't have to remember to type https to get to it.
The donation page is running HTTPS, and you can see that at the URL bar once you get to the page where you are to enter your credentials.
The donation page is running HTTPS, and you can see that at the URL bar once you get to the page where you are to enter your credentials.
.
“ There's things that never will be right I know, and things need changin' everywhere you go.
But 'til we start to make a move to make a few things right,
You'll never see me wear a suit of white. ”
- J.R Cash
“ There's things that never will be right I know, and things need changin' everywhere you go.
But 'til we start to make a move to make a few things right,
You'll never see me wear a suit of white. ”
- J.R Cash
Re: Please enable secure connections (HTTPS)
I was not talking about the donation credentials, but the forum login.
To answer your concerns:
Another option would be the partial encryption of the login dialog. But that's not as easy.
To answer your concerns:
- All modern web browsers support SSL/TLS for quite a while...
- HTTPS WILL decrease performance, that is of no doubt. But it shouldn't be severe.
- Downloads should not be encryted. There is no point anyway.
- Enabling HTTPS does not automaticaly disable HTTP access. Both can be possible, though a default redirect to HTTPS would be desireable.
Another option would be the partial encryption of the login dialog. But that's not as easy.
Re: Please enable secure connections (HTTPS)
I did some research and there's now free and easy to setup HTTPS. o_0
Check out : https://en.wikipedia.org/wiki/Let%27s_Encrypt
And: https://letsencrypt.org/getting-started/
Why not give it a try?
Check out : https://en.wikipedia.org/wiki/Let%27s_Encrypt
And: https://letsencrypt.org/getting-started/
Why not give it a try?
Who is online
Users browsing this forum: No registered users and 1 guest