It is currently Wed May 24, 2017 6:32 am

All times are UTC - 8 hours [ DST ]




Post new topic Reply to topic  [ 3 posts ] 
Author Message
Offline
 Post subject: SSL/TLS?
Post #1 Posted: Thu Apr 27, 2017 11:53 am 
Beginner

Posts: 1
Liked others: 1
Was liked: 2
Rank: OGS 12k
So, just saw a post on OGS about this site coming back to life after some issues, but was immediately concerned by the lack of security on the website as a whole. I don't quite understand how any site would even consider accepting passwords without SSL/TLS enabled and forced. This is putting users at a rather serious risk on the modern internet.

I know cost can be a concern, but now that free certificates from LetsEncrypt has full validity and default trust thanks to IdenTrust, that shouldn't be an issue. I saw that you're running Apache on an EC2 instance now, which means you can set up certbot to auto-renew these for Apache very, very easily.

Let me know if I can be of any help with getting this set up. Internet security is a very near and dear topic to me both professionally and personally, and I hate seeing users being put at risk. I know it's only a Go forum, but so many people have similar or identical passwords for critical and non-critical sites that it's worth the half an hour of time investment to do what's right for your users.


This post by polar_bear was liked by 2 people: Bonobo, dfan
Top
 Profile  
 
Offline
 Post subject: Re: SSL/TLS?
Post #2 Posted: Thu Apr 27, 2017 1:38 pm 
Judan

Posts: 7331
Liked others: 1325
Was liked: 1115
KGS: Kirby
Tygem: 커비라고해
Thanks for bringing this up, polar_bear. Admins are discussing some options.

_________________
Discipline is remembering what you want. -David Campbell


This post by Kirby was liked by: Bonobo
Top
 Profile  
 
Offline
 Post subject: Re: SSL/TLS?
Post #3 Posted: Thu Apr 27, 2017 2:31 pm 
Lives in sente

Posts: 845
Liked others: 370
Was liked: 192
Rank: AGA 4k KGS 4k
GD Posts: 61
KGS: dfan
In the meantime, this is a good reminder that not only should you avoid duplicating passwords between sites in general (any site can get hacked), you should doubly avoid using a password on a site like this that doesn't support https (yet) anywhere else.


This post by dfan was liked by 3 people: Baywa, Bonobo, polar_bear
Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC - 8 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group