Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Using HTTPS on lowendtalk.com
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Using HTTPS on lowendtalk.com

nerouxneroux Member
edited March 2014 in General

Hi,

any chance of having SSL properly enabled for LET? Currently there is already an active HTTPS instance, which however only redirects to its HTTP counterpart.

It would be nice to be able to have a secure browsing experience.

«13456

Comments

  • said: It would be nice to be able to have a secure browsing experience.

    Why?

  • perennateperennate Member, Host Rep

    joelgm said: Why?

    Why not?

    Thanked by 3kerouac Cikon ucxo
  • @joelgm said:
    Why?

    I dont think HTTPS requires a why these days ;-)

  • @perennate said:
    Why not?

    That's a good reason.

    Thanked by 1Sander
  • perennateperennate Member, Host Rep

    joelgm said: That's a good reason.

    Thanks, I thought so too.

  • We had it for a short while but BSA was giving issues. I can investigate it again if there's enough demand?

    Thanked by 2gattytto Minty
  • nerouxneroux Member
    edited March 2014

    mpkossen said: We had it for a short while but BSA was giving issues.

    BSA?

    mpkossen said: I can investigate it again if there's enough demand?

    That would be lovely.

  • Mark_RMark_R Member
    edited March 2014

    You could add a Poll to the thread i guess.

    I think that it is a very good idea to enable/fix it. It would be very useful to people who use public hotspots or shared modems, they wouldn't have to establish a vpn tunnel anymore everytime they log in to LET if SSL is going to be enabled.

  • AlexanderMAlexanderM Member, Top Host, Host Rep

    SSL Would be nice. As when someone swears on a thread, it just get's blocked at my work lol.

    • Alexander
  • wychwych Member

    It would be nice to have...

  • I also vote for HTTPS/SSL.

  • ricardoricardo Member
    edited March 2014

    Yes, go for it. All the horrible things I was going to say that gets "saved to draft" are getting seen by the man in the middle.

  • MultiMulti Member

    Would like to see it too :)

  • neroux said: BSA?

    Buysellads

  • bdtechbdtech Member
    edited March 2014

    SSL, yes please. Even easier with cloudflare and now especially as they plan to offer it free

  • I'd like to see SSL as well.

  • Not forced SSL please.

    Thanked by 1tux
  • wychwych Member

    @serverian said:
    Not forced SSL please.

    How come?

    But I agree... Ideally, an option under Account Options to enable/disable per user would be nice.

  • VPNVPN Member
    edited March 2014

    @ricardo said:

    +1

    @wych said:
    But I agree... Ideally, an option under Account Options to enable/disable per user would be nice.

    My experience with redirect rules is basic but I'm fairly certain it wouldn't be simple to allow per user forced SSL?

    As it requires edits to the .htaccess file, that would mean a rewrite rule per user, someone please correct me if I'm wrong - I probably am lol.

    Thanked by 1ucxo
  • wychwych Member
    edited March 2014

    @OkieDoke said:
    As it requires edits to the .htaccess file, that would mean a rewrite rule per user, someone please correct me if I'm wrong - I probably am lol.

    Nothing like giving the mods a challenge ;)

    Could do something along the lines of...

    if userSSL = true then do nothing
    if userSSL = false then redirect to http://

    or in reverse, not the nicest way but still...

    Thanked by 1VPN
  • Yes please. I asked for this a long time ago and it still hasn't materialized.

  • ricardoricardo Member
    edited March 2014

    OkieDoke said: As it requires edits to the .htaccess file, that would mean a rewrite rule per user

    It wouldn't. Since you can check pretty much anything in the request headers, simply checking for a cookie value would do fine. You'd probably want to store the rule in the apache config though, to save every request parsing the .htaccess file........ though it still leaves the choice of whether to be https or not when a user is not logged in (or does not have the cookie value).

    Thanked by 1VPN
  • neroux said: BSA?

    BuySellAds, the joint that makes this place earn $$$.

    @serverian said:
    Not forced SSL please.

    Any reason against SSL?

    OkieDoke said: As it requires edits to the .htaccess file, that would mean a rewrite rule per user, someone please correct me if I'm wrong - I probably am lol.

    You can header with PHP, that's not an issue.

    Thanked by 1VPN
  • mpkossen said: Any reason against SSL?

    More CPU cycles and bandwidth, but it's not really a big deal to most I'd imagine.

  • BruceBruce Member

    Any reason against SSL?

    did some reading on this last year. plenty of stuff talking about hits on cache and CPU. decided not to use SSL for whole site, and just for login. not an uncommon approach it seems. but maybe that's wrong. interesting if cloudflare supports it.

    unless your concerned about login details, I don't see why you'd need it for just general browsing of threads.

  • Bruce said: unless your concerned about login details, I don't see why you'd need it for just general browsing of threads.

    For login you're obfuscating the POSTed username and password across the wire. But since you require some form of authentication for subsequent page views, a session ID, that's just as susceptible to the issues of sending unencrypted data (the session gets hijacked). It doesn't make too much sense doing it just for logins, though maybe the 'fingerprints' of submitted variable names makes a very slight difference.

    In some cases it makes sense to encrypt the data that is displayed on the page too, i.e. a private area. Since this place is public, not so much a huge requirement.

  • SSL make for a slower browsing experience. Please don't make it mandatory.

    Thanked by 1tux
  • perennateperennate Member, Host Rep
    edited March 2014

    sleddog said: SSL make for a slower browsing experience. Please don't make it mandatory.

    Google and Youtube are that slow?

    Thanked by 1Noerman
  • perennate said: Google and Youtube are that slow?

    Yeah, awful ;)

  • MunMun Member

    I don't think we should. It makes more sense to give more info to our friends at the NSA. I mean really, we trust them right?

    Mun

Sign In or Register to comment.