Is it possible to make your forum HTTPS...?

[snadge]

And it's not a lot of work. It's changing the URL in four or five places all of which are centralized in the repair settings. PHP file. The only thing you have to do is build the forced redirect into your htaccess and the code for that can be found with a simple Google search. I have no idea what you're talking about with your host and Cloud hosting backups none of this affects the actual files on your site except for the HTaccess file

Im talking about their backup system is not straight forward if you want to make one NOW... compared to cPanel which was a 1 click solution to back up both... and again to restore...  with their 'in-house built cloud hosting', you have too login myPHPadmin using your 7yr old long forgotten db username and password, create the backup - then go into MySQL / Backup & Restore n select your back up and then you have to select a 'given' time by them when to download it (usually in a few hours or so time), you cant download it straight away...and all this is just for the DB?

for the files I have to either FTP them OR create a new folder next to Public_HTML etc called BACKUP and copy them into that on the Control Panel.

Also Im not familiar in how to use the repair settings.php file, some screenshots along with the instruction might invoke a bit more confidence in users to try them out.

also I guess you may not have read when I said:

I also have a GUIDES section made by Simple Portal 'Pages' which points too HTTP pages (and some of these have links in them that point to other HTTP guides on my site...) I made the mistake of including the full url instead of /linkofpage.html in the html code - so I would have to spend hours adjusting all that

so it would be a lot of hard work

thanks

[Arantor]

If you're OK with users being told that the site is insecure when they log in, then you don't need HTTPS.

[snadge]

If you're OK with users being told that the site is insecure when they log in, then you don't need HTTPS.

well thats always been the case until support was made for it in 2.0.14 wasnt it?

[Arantor]

No, that's been the case forever that it wasn't secure without HTTPS - and it was possible to have HTTPS a decade ago, just it wasn't possible to have the images proxied until 2.0.14.

But now browsers ACTIVELY say sites are insecure. This is what really prompted it because while it wasn't especially secure, people didn't worry so much about it.

Here's what happens when I go to your site in Chrome... it flat out tells me it is insecure.

[snadge]

No, that's been the case forever that it wasn't secure without HTTPS - and it was possible to have HTTPS a decade ago, just it wasn't possible to have the images proxied until 2.0.14.

But now browsers ACTIVELY say sites are insecure. This is what really prompted it because while it wasn't especially secure, people didn't worry so much about it.

Here's what happens when I go to your site in Chrome... it flat out tells me it is insecure.

I appreciate that thanks Arantor. But most of the forums (SMF ones too) are still using non-HTTPS logins (KITZ, ThinkBroadband just to name a few)

your gunna make me do this aren't you? hehe I've a feeling you trust me to able to do it more than myself 

[Arantor]

I'm not trying to make you do anything. I'm trying to give you enough information to make a judgement call yourself as to whether this is a problem for you and your members.

[snadge]

I'm not trying to make you do anything. I'm trying to give you enough information to make a judgement call yourself as to whether this is a problem for you and your members.

well ive put a poll and question post for my regs...al 5 or 6 of em lol

I could do it, Im just lacking confidence and sometimes the size of a task just makes you think..stuff it hehe

if members want it, it shall be done

thanks again

[Jailer]

The only thing you have to do is build the forced redirect into your htaccess and the code for that can be found with a simple Google search.

Which makes me wonder why this site is accessible via http when this information is given out as a response to several support questions regarding the conversion to https. Is this forums server handled in house? If so why hasn't someone done this here?

[Illori]

because we have not, why is that any of your business why we may or may not be forcing https at this time?

[Arantor]

Because whether the team likes it or not, it sets an example for everyone else.

[Kindred]

Actually, there is a reason...  the package manager server still hits us at http (and several other sub URLs, possibly)

So, the main forum is https, as is the mod site... but we can not do the htaccess force yet

[Jailer]

because we have not, why is that any of your business why we may or may not be forcing https at this time?

It's not, I was just curious.

Because whether the team likes it or not, it sets an example for everyone else.

This is what I was thinking as well and why I asked.

Actually, there is a reason...  the package manager server still hits us at http (and several other sub URLs, possibly)

So, the main forum is https, as is the mod site... but we can not do the htaccess force yet

Makes sense, thanks for the reply even though it is none of my business.   

[Arantor]

The package manager thing would have been something to fix in 2.0.14, but I guess we can add it to the list of things that wasn't tested for in the months that the patch has been around for.

Also, 'what business is it of xyz'... it is our business when 1) you set an example for the community and 2) if you're having packages sent over plain, you better hope no-one MITMs that in transit.