Author Topic: HTTPS (Read 292 times)

Cheryl · « **on:** April 20, 2009, 02:08:26 AM »

Could you enable HTTPS?

Doesn't have to be on by default but even a self-signed certificate would bring more security to those that want it. In particular, public proxies like with Tor can very easily sniff passwords when not encrypted.

If you use Firefox you can get the plugin called Perspectives which looks at a site from multiple directions to verify you have the right certificate, it also displays stats for how long it has had a particular certificate if it has seen that site before. Even without it you can still tell that it has had the same certificate as last week.

http://www.cs.cmu.edu/~perspectives/

Vesp · « **Reply #1 on:** April 25, 2009, 09:40:05 PM »

I will get HTTPS as soon as I can afford it. My hosting says it costs a hundred dollars a year. If there is an alternative to buying it, I'd like to hear it.

v16 · « **Reply #2 on:** May 02, 2009, 11:12:38 PM »

you can get a self signed certificate that you keep on the board.

Vesp · « **Reply #3 on:** May 03, 2009, 02:33:12 AM »

If I do that, then most of the people using firefox, or others won't be able to use the HTTPS. I guess I'll do that when I get the chance, probably in the up coming week.

heisenberg · « **Reply #4 on:** July 19, 2009, 07:52:48 PM »

Just curious, but what's the status of this?

There was a link up on the main page for a while, but it didn't actually work. Is this an abandoned project?

Vesp · « **Reply #5 on:** July 21, 2009, 07:22:25 PM »

It is a neglected project.

I'll look more into it though probably tomorrow or the next day, but that doesn't mean I'll get HTTPS that soon, but I'll try.

v16 · « **Reply #6 on:** July 21, 2009, 07:29:53 PM »

What server type is this running on? Firefox works with a self signed certificate, you just need to add an exception for it. (Encryption still works, it is just not automatic)

If you are on a linux server there is a really good tutorial for setting up https. Really the only thing it is good for on a site like this (where registration is open) is to keep passwords encrypted when sent. If you had a chat room set up, it would encrypt that too, which would be nice. (BTW the ajax chat integration for SMF is very nice, and easy to install)

Vesp · « **Reply #7 on:** July 21, 2009, 07:36:21 PM »

This does use linux, do you have the tutorial?
I'll check out the ajax chat.

Vesp · « **Reply #8 on:** July 21, 2009, 08:17:17 PM »

The chat mod you've suggested is not up to date with this forum... Tsk tsk.
Do you run a SMF forum as well?

v16 · « **Reply #9 on:** July 21, 2009, 08:32:39 PM »

are you sure about that? I thought it was good for 1.1.9...oh you are running 1.1.10. Just downgrade to 1.1.9...it will probably work with 1.1.10 too

I set these things up for building HOA's, for owners/renters to talk about building issues...Makes good side money.

Vesp · « **Reply #10 on:** August 16, 2009, 03:41:45 AM »

https://secure64.inmotionhosting.com/~theves5/

This allows you to look at single pages in HTTPS.
.. seems like I need to link something to the same database to get it to all work properly though. I'll read about it.

Wizard X · « **Reply #11 on:** January 07, 2010, 11:49:29 PM »

The Apache server is running on HTTP (port 80) and NO HTTPS (port 443). HTTPS would have to be activated and configured on the Apache server.

Initiating server query ...
Looking up IP address for domain: www.thevespiary.org
The IP address for the domain is: 205.134.255.128
Connecting to the server on standard HTTP port: 80
[Connected] Requesting the server's default page.
The server returned the following response headers:
HTTP/1.1 200 OK
Date: Thu, 07 Jan 2010 23:45:07 GMT
Server: Apache
Last-Modified: Thu, 07 Jan 2010 20:12:07 GMT
Accept-Ranges: bytes
Content-Length: 85268
Connection: close
Content-Type: text/html
Query complete.

marakov · « **Reply #12 on:** June 06, 2010, 05:30:56 AM »

I too please would like HTTPS.

Vesp · « **Reply #13 on:** June 06, 2010, 07:39:29 AM »

I am looking into it. In order to do this I will need a VPS I believe, and they are rather expensive. I am working on the details to get it, but a lot of the time when it comes to servers I am a pretty decent newb so I need to make sure I understand everything before I go along with it. When I get it though the entire site ought to be HTTPS though, which will be nice and then I can also look into deleting all the IP addresses every hour or something to that extent as well, and see what other security things I can come up with.

Author Topic: HTTPS (Read 292 times)

Cheryl

HTTPS

Vesp

Re: HTTPS

v16

Re: HTTPS

Vesp

Re: HTTPS

heisenberg

Re: HTTPS

Vesp

Re: HTTPS

v16

Re: HTTPS

Vesp

Re: HTTPS

Vesp

Re: HTTPS

v16

Re: HTTPS

Vesp

Re: HTTPS

Wizard X

Re: HTTPS

marakov

Re: HTTPS

Vesp

Re: HTTPS