News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

[SMF 2.1 RC2] FTP Links

Started by Massl, April 09, 2019, 09:53:59 AM

Previous topic - Next topic
Print
Go Down Pages 1 2 All
User actions

Arantor

#20
April 12, 2019, 02:13:56 AM
You really should change that given how browsers will actively tell your users that your site is insecure.

It also means that your users can be fairly trivially hacked because passwords can get sent around in plain text! But sure, your convenience is more important than your users' security.

GigaWatt

#21
April 12, 2019, 03:28:26 PM
Quote from: Arantor on April 12, 2019, 02:13:56 AM
You really should change that given how browsers will actively tell your users that your site is insecure.

I know and I've opened up a thread about it, explaining that this is actually pushed by Google and that there is nothing to worry about.

Quote from: Arantor on April 12, 2019, 02:13:56 AM
It also means that your users can be fairly trivially hacked because passwords can get sent around in plain text! But sure, your convenience is more important than your users' security.

And how were passwords sent 10, 15 years ago ???. Most of the sites didn't have SSL back then and yet, most of them weren't hacked or sniffed or whatever. If someone want's to get to your data, they will, doesn't matter what type of encryption you're using, it's just a matter of time.

And about the convenience thing... I'm a volunteer here. Basically, I'm also a volunteer there too. That forum exists only because I want it to exist. None of the previous admins were up to the task of keeping the forum alive in it's former state (SMF 1.1.16 back then, none of them knew how to actually transfer the forum to another host), let alone upgrading it... I did both. There are literally only 10-20 people reading that forum. Excuse me if I don't get all choked up for about 20 people that might get their credentials compromised on a forum that actually only costs me money to run and produces 0 revenue. Sure, I admit, it's a good place to hang around, chat and exchange stuff, etc., but I'm not gonna waste my spare time implementing SSL on a forum that's mostly dead. It's hard enough keeping it alive as it is.

Not to mention frequent host changes (we go where the rent is low... I'm not rich, and, even if I was, there is no point in paying $100 a month for 20 active users ::)) and that I have to reimplement SSL there too ::)... only a drag that I'm not planing wasting time on.
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Aleksi "Lex" Kilpinen

#22
April 12, 2019, 03:35:13 PM
You know, most hosts offer free SSL these days - and even if they don't, you can still get it for free with a little effort. I switched all my sites over to https within minutes when I decided it was time.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

GigaWatt

#23
April 12, 2019, 04:24:43 PM
Yes, I know. The problem is that I have to reimplement it every time I switch hosts... and I don't know when I'm going to switch hosts since we've done it three times in the past year. Things are stable now, but I don't know for how long :-\.
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."
Print
Go Up Pages 1 2 All
User actions
Advertisement: