Using HTTPS on lowendtalk.com
Hi,
any chance of having SSL properly enabled for LET? Currently there is already an active HTTPS instance, which however only redirects to its HTTP counterpart.
It would be nice to be able to have a secure browsing experience.
Comments
Why?
Why not?
I don't think HTTPS requires a why these days ;-)
That's a good reason.
Thanks, I thought so too.
We had it for a short while but BSA was giving issues. I can investigate it again if there's enough demand?
BSA?
That would be lovely.
You could add a poll to the thread, I guess.
I think that it is a very good idea to enable/fix it. It would be very useful to people who use public hotspots or shared modems, they wouldn't have to establish a VPN tunnel anymore every time they log in to LET if SSL is going to be enabled.
SSL would be nice. As when someone swears on a thread, it just gets blocked at my work lol.
It would be nice to have...
I also vote for HTTPS/SSL.
Yes, go for it. All the horrible things I was going to say that get "saved to draft" are getting seen by the man in the middle.
Would like to see it too
Buysellads
SSL, yes please. Even easier with Cloudflare and now especially as they plan to offer it free.
I'd like to see SSL as well.
Not forced SSL please.
How come?
But I agree... Ideally, an option under Account Options to enable/disable per user would be nice.
+1
My experience with redirect rules is basic but I'm fairly certain it wouldn't be simple to allow per user forced SSL?
As it requires edits to the .htaccess file, that would mean a rewrite rule per user, someone please correct me if I'm wrong - I probably am lol.
Nothing like giving the mods a challenge
Could do something along the lines of...
if userSSL = true then do nothing
if userSSL = false then redirect to http://
or in reverse, not the nicest way but still...
Yes please. I asked for this a long time ago and it still hasn't materialized.
It wouldn't. Since you can check pretty much anything in the request headers, simply checking for a cookie value would do fine. You'd probably want to store the rule in the Apache config though, to save every request parsing the .htaccess file... though it still leaves the choice of whether to be https or not when a user is not logged in (or does not have the cookie value).
BuySellAds, the joint that makes this place earn $$$.
Any reason against SSL?
You can header with PHP, that's not an issue.
More CPU cycles and bandwidth, but it's not really a big deal to most I'd imagine.
Did some reading on this last year. Plenty of stuff talking about hits on cache and CPU. Decided not to use SSL for whole site, and just for login. Not an uncommon approach it seems. But maybe that's wrong. Interesting if Cloudflare supports it.
Unless you're concerned about login details, I don't see why you'd need it for just general browsing of threads.
For login you're obfuscating the POSTed username and password across the wire. But since you require some form of authentication for subsequent page views, a session ID, that's just as susceptible to the issues of sending unencrypted data (the session gets hijacked). It doesn't make too much sense doing it just for logins, though maybe the 'fingerprints' of submitted variable names make a very slight difference.
In some cases it makes sense to encrypt the data that is displayed on the page too, i.e. a private area. Since this place is public, not so much a huge requirement.
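The session-cookie point made in the comment above, as an added example that is not part of the original thread: it models only the Secure attribute of RFC 6265 to show which cookies would travel unencrypted when login is HTTPS but thread views are HTTP. The host `forum.example`, the URLs and the cookie name `sid` are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def cookies_sent(set_cookie_headers, url):
    """Return names of cookies a browser would attach to a request for `url`.

    Only the Secure attribute is modelled: a Secure cookie is withheld from
    http:// requests. Domain/Path matching is skipped because every
    constructed URL below is on the same host and path scope.
    """
    scheme = urlsplit(url).scheme
    sent = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if morsel["secure"] and scheme != "https":
                continue  # browser refuses to send it over cleartext
            sent.append(name)
    return sent


def exposed_in_cleartext(set_cookie_headers, urls):
    """Map each http:// URL to the cookies that would cross the wire unencrypted."""
    return {u: cookies_sent(set_cookie_headers, u)
            for u in urls if urlsplit(u).scheme == "http"}


# Constructed sample: login over HTTPS, thread views over HTTP.
BROWSING = [
    "https://forum.example/entry/signin",
    "http://forum.example/discussion/1234",
    "http://forum.example/profile",
]
# Constructed Set-Cookie headers; "sid" is a hypothetical session cookie name.
LOGIN_ONLY_TLS = ["sid=9f2c1e; Path=/; HttpOnly"]
FULL_TLS = ["sid=9f2c1e; Path=/; HttpOnly; Secure"]

if __name__ == "__main__":
    print("login-only HTTPS:", exposed_in_cleartext(LOGIN_ONLY_TLS, BROWSING))
    print("Secure cookie:   ", exposed_in_cleartext(FULL_TLS, BROWSING))
```

With the Secure attribute set, the HTTP pages receive no session cookie at all, so a logged-in session only works if the pages that need it are served over HTTPS as well.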
SSL makes for a slower browsing experience. Please don't make it mandatory.
Google and Youtube are that slow?
Yeah, awful
I don't think we should. It makes more sense to give more info to our friends at the NSA. I mean really, we trust them right?
Mun