Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


HTTPS for LET - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

HTTPS for LET

2

Comments

  • @Mun said: It leaves a gleaming green glow in the upper left hand of your browser :)

    Anything else to help you sleep good at night?

  • MunMun Member

    @doughmanes said: Anything else to help you sleep good at night?

    @chief getting involved. (I know it is a dream)

  • mojedamojeda Member

    Who is @Chief? /s

  • MrOwenMrOwen Member

    @Mun said: It leaves a gleaming green glow in the upper left hand of your browser :)

    >Implying @Chief would spring for an EV cert.
    >Implying LET has the proper documents for an EV cert

  • udkudk Member

    @bdtech said: All that's needed is SSL at login. This will keep you safe enough on public networks.

    If you're going to have SSL, have it everywhere. Just on login will do shit all for security as you can intercept session cookies elsewhere.

  • SpencerSpencer Member

    EV SSL Certs are so dumb. I would say about 99.1% of all users dont know/care about it

  • MrOwenMrOwen Member

    @Spencer said: EV SSL Certs are so dumb. I would say about 99.1% of all users dont know/care about it

    Wait. Let me get this straight: you mean to say tech-illiterate people don't know that in order to get the EV cert, you have to submit a bunch of documents proving you're a real business??? And on top of that, they don't know what an EV cert is??!? :\

  • NickONickO Member

    @Mun said: I can theoretically steal your password and take over your account.

    You going to fly to New Zealand, find my address, come to my house, crack my 24 digit WiFi password and then sniff packets just to find my LET password? Go ahead.

  • yomeroyomero Member

    @udk said: If you're going to have SSL, have it everywhere. Just on login will do shit all for security as you can intercept session cookies elsewhere.

    Agree
    And despite that, big companies like Valve still do it ¬_¬ useless.

  • DStroutDStrout Member

    @NickO said: You going to fly to New Zealand, find my address, come to my house, crack my 24 digit WiFi password and then sniff packets just to find my LET password? Go ahead.

    New Zealand, here I come. Where did you say you lived in NZ again? Also, for security purposes, I'm going to need to verify your Wifi password.

  • MunMun Member

    @DStrout said: New Zealand, here I come. Where did you say you lived in NZ again? Also, for security purposes, I'm going to need to verify your Wifi password.

    just take his internet connect and put a hub on it with wireshark :)

  • klikliklikli Member
    edited May 2013

    I guess there is a more common scenario. Right now I use a LEB provider here to proxy my Internet connection. Without HTTPS, in theory, he could steal my password and session (cookies).

  • @MrOwen said: >Implying LET has the proper documents for an EV cert

    Funny how some folks demand almost similar documents/"proof" for a LEB host offer

  • MrOwenMrOwen Member

    @doughmanes said: Funny how some folks demand almost similar documents/"proof" for a LEB host offer

    And cue conspiracy theories.

  • @MrOwen said: And cue conspiracy theories.

    Chief shot JFK
    Liam is Justin Bieber's brother from a one night stand that the Bieber family won't agree to DNA tests for
    Infinity snitched on bin Laden, leading to his death

  • mojedamojeda Member
    edited May 2013

    This may interest a few people:

    https://www.eff.org/https-everywhere

  • eva2000eva2000 Veteran

    LET uses Nginx so why not SSL for SPDY support ?

  • marcmmarcm Member

    @eva2000 said: LET uses Nginx so why not SSL for SPDY support ?

    @eva2000 - It runs on Nginx 1.0.13 - For proper SPDY support it needs to run Nginx 1.4. I think that a better option would be to just turn on the CloudFlare features and call it a day ;-)

  • jeffjeff Member

    I am now going to watch Logan's Run, sometime I like the runners, sometimes I like the sandmen.

  • pie > cake

  • mojedamojeda Member

    ^ I concur.

  • Hey Mr. @Mun I like pie...

    image

  • ChanChan Member

    Off-topic:

    Does LET even have IPv6?

  • vedranvedran Veteran

    No, but LET once had Thanks button, does that count?

  • ConnorlConnorl Member
    edited May 2013

    @darknessends said: Troll Mass Generator.

    @darknessends said: I can not run serverbear, others please check ?

    @darknessends said:

    NEWBIE ! Control Panel - I need free / open source
    I like Zpanel. what else is out there these days, needing something really very easy to be used.
    Webmin is a bit of unfriendly to newbies.

    Do I need to continue?

  • rm_rm_ IPv6 Advocate, Veteran

    HTTPS on LET and similar forums is useful for at least one purpose: to protect people who use the same password in more than one place. E.g. on LET and in their E-Mail account. Yes you can say they shouldn't do that in the first place, but really, a cert from StartSSL is free, and I see no downsides from adding it (other than "oh but it's a whole 15 minutes of effort").

  • udkudk Member

    @rm_ said: HTTPS on LET and similar forums is useful for at least one purpose: to protect people who use the same password in more than one place. E.g. on LET and in their E-Mail account. Yes you can say they shouldn't do that in the first place, but really, a cert from StartSSL is free, and I see no downsides from adding it (other than "oh but it's a whole 15 minutes of effort").

    Having it NOT work on some devices/browsers can be detrimental when users are faced with a bright red warning page. It's also not free as they use cloudflare and would need to upgrade accounts (assuming they currently use free.) If they don't use the free account, they wouldn't need to purchase any SSL certs at all - just let cloudflare handle SSL.

  • mojedamojeda Member

    @udk said: just let cloudflare handle SSL

    I think this handles SSL like: User <-SSL-> Cloudflare <-No SSL-> Server

  • MunMun Member

    @mojeda said: I think this handles SSL like: User <-SSL-> Cloudflare <-No SSL-> Server

    It can, or you can have ssl in the backend as well.

Sign In or Register to comment.