Life In 19x19 http://lifein19x19.com/ |
|
SSL/TLS? http://lifein19x19.com/viewtopic.php?f=14&t=14200 |
Page 1 of 1 |
Author: | polar_bear [ Thu Apr 27, 2017 11:53 am ] |
Post subject: | SSL/TLS? |
So, just saw a post on OGS about this site coming back to life after some issues, but was immediately concerned by the lack of security on the website as a whole. I don't quite understand how any site would even consider accepting passwords without SSL/TLS enabled and forced. This is putting users at a rather serious risk on the modern internet. I know cost can be a concern, but now that free certificates from LetsEncrypt has full validity and default trust thanks to IdenTrust, that shouldn't be an issue. I saw that you're running Apache on an EC2 instance now, which means you can set up certbot to auto-renew these for Apache very, very easily. Let me know if I can be of any help with getting this set up. Internet security is a very near and dear topic to me both professionally and personally, and I hate seeing users being put at risk. I know it's only a Go forum, but so many people have similar or identical passwords for critical and non-critical sites that it's worth the half an hour of time investment to do what's right for your users. |
Author: | Kirby [ Thu Apr 27, 2017 1:38 pm ] |
Post subject: | Re: SSL/TLS? |
Thanks for bringing this up, polar_bear. Admins are discussing some options. |
Author: | dfan [ Thu Apr 27, 2017 2:31 pm ] |
Post subject: | Re: SSL/TLS? |
In the meantime, this is a good reminder that not only should you avoid duplicating passwords between sites in general (any site can get hacked), you should doubly avoid using a password on a site like this that doesn't support https (yet) anywhere else. |
Page 1 of 1 | All times are UTC - 8 hours [ DST ] |
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |