should this forum go to using https

This forum is for suggestions and discussion about this site. What would you like to see?

Moderators: 52D, Tom F, Rlangham, Atlantic 3279, Blink Bonny, Saint Johnstoun, richard

Post Reply
User avatar
NER Y7 0-4-0T
Posts: 9
Joined: Mon Oct 27, 2014 11:49 pm

should this forum go to using https

Post by damo2929 »

think this forum needs to be moved to https hosting because of passwords and login's at the moment this is all carried in plain text
User avatar
LNER A4 4-6-2 'Streak'
Posts: 3356
Joined: Thu Sep 01, 2005 5:11 pm
Location: Wichita Falls, Texas

Re: should this forum go to using https

Post by richard »

Thanks. It is something I'm aware of and keeping an eye on.

Basically, it wasn't long ago that https was a serious pain in the posterior (and expensive) but it is becoming more practical all the time, and it won't be long before it is practical for the forums (and the rest of the website). The recent announcement from the EFF regarding SSL certificates is a case in point.

So it will happen eventually but not in the next month or so. Such a change isn't necessarily as trivial as it should be though, and I'll post an announcement ahead of time and probably make the change during a weekend.

Before people get scared, be aware that the potential attack profile is not as wide as you might think. For example, cookies are already encrypted, so most people when reading the forums potentially only expose their password once every >6 months or so. And then there are a load of "ifs" before someone has the chance to steal it. In other words it is pretty obscure albeit not at an ideal level of security.
Richard Marsden
LNER Encyclopedia
Post Reply