New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
https / SSL for LEB & LET?
Hi
Would it be possible to enable https / ssl on LET and - while we are at it - on LEB?
A 1024 cert would be better than nothing and wouldn't cost much ressources...
If it's not possible, what's the reason?
(Currently https://lowendtalk.com redirects (301) to http://lowendtalk.com)
Thanks, and I'm glad to be part of this community, hi everybody
Thanked by 1luissousa
Comments
It's a forums where information is public. Yes it's nice, but is our admin willing to add the CPU overhead?
There are several threads with this petition, without luck
What @netomx said...
It's sponsored by ColoCrossing, I'm sure they have enough resources.
isnt there another thread regarding this a week ago?
They have the resources (we are now in a cluster)... but what purpose would having SSL serve?
I didn't know that. That's awesome.
Wat?
More secure, less chance of a man in the middle attack or such things.
Its a bl**dy forum, not even a sensitive one at that.
CC purchased it off @Liam
Off @chief
Other offers were barely considered back then though.
Thanks for clarification
Since there is no ssl when you login its all plain text so very easy to coffee shop attack. Simply put taking someones cokkies off wifi and then making fake offers as that person would not be to hard. So yes the infomation is public but ur reputation as a host or a buyer can be compermised.
After heartbleed? hah. Good timing.
We tried installing a certificate on LET before but it broke some of the site's functionality.
Wouldn't it be better for the individual using open wifi to take steps to protect all of his/her browsing activity, rather than depend on websites to do it for him (/her)? It would be easier I think than demanding that every website use SSL....
Agreed, if the person seriously cares about their data's security then they will take measures through their own methods to protect their data. Going on a public network and then complaining about the host not being secure is just being an ass on the client's end.
Does something come into your mind--without throwing oneself into the hands of unknown people? A VPN won't be of any help as it can't ensure the integrity of requested data at source. It can just help to somehow increase security with the transfer of the data.
There is no logical or justifiable reason to add the burden of SSL to the cluster.
If you're really sharing data too sensitive for HTTP then share it over email privately or Skype - not on a PUBLIC forum.
Hell, I'm not a security expert by no means When I'm on public/open wifi I create an ssh tunnel to a vps and use that for browsing. Maybe that's not protecting me... see I said I wasn't a security expert
TBH, that's perfectly fine as it's just a VPN. However, it does not defeat the reason for SSL. The VPN just tries to protect the transport from the contacted source to your endpoint. Whatever that source is. With SSL you can somehow make sure that the source is what you expected (except MITMed traffic).
Ofc, that does not explain why one might need SSL on a public forum. I haven't yet found a reason why one could. But I also haven't thought about it long enough.
So I can use the same password as my online banking, silly.
The fact that no decent reason comes to your mind straight away shows it would be a pointless task lol.
Well, no question is too dumb to be asked ;-)
Does not mean the website should not use ssl at all. How can you take steps to keep it safe if it still travels over the open internet. Short of somehow getting a vm on the same rack as lowendtalk to then be ur vpn tunnel your going to be SOL. One factory security is not the best but adding more layers is always better.
Security implementation is always a tradeoff. SSL termination is easily DDoS'd since it's got such a nice leverage factor.
"Our admin" is "third party hosted vanillaforums.com" in this case, no?
I would think for the ridiculous prices VF charges, a little hand-holding to install SSL would be included.
With modern CPUs...seriously? People are talking about SSL like it's 1995 and you need special cards to offload the massive mathematical processing.
But in this case - who cares? It's not LET paying the CPU toll.
No...
From the looks of it lowendtalk is using cloudflare. They can have the ssl termated there and if there is "ddos" it will happen on cloudfalres side"