Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Add HTTPS support
#1
In order to make the site a little more attractive HTTPS support should be added, both for security and because it makes the site feel safer. It's very easy now to get a cert from Let's Encrypt.

What do you guys think?
I like to code, duh.
Click here to see my latest projects and unfinished website.
Reply
#2
I didn't even notice it was not encrypted, I thought it was HTTPS all along >_>
Anyway, personally I have no problem.
M'illumino
d'immenso

-G. Ungaretti, Mattino

Spoiler: Stuff that may or may not be interesting


Spoiler: Remember this:
[Image: Mykkd5n.png]
Reply
#3
Having spent the last couple of days reading up on web site security, my jimmies are just rustling over the overhead that https adds. I don't really care for https outside of login pages, I've got to admit.
-Lex Rudera,
some knob who's just here, trying to get by, get productive, and achieve universal content.


Run off to the My Little Game Dev chat! Bounce some ideas around, or just have a friendly chat! I might even be found there.
Good company all around!
http://mylittlegamechat.com
Reply
#4
(08-09-2016, 04:56 AM)Lex Rudera Wrote:  Having spent the last couple of days reading up on web site security, my jimmies are just rustling over the overhead that https adds. I don't really care for https outside of login pages, I've got to admit.

How does https create any noticeable overhead? I don't think anyone has such crappy internet/PC that they'd even notice. Security is cheap.
I like to code, duh.
Click here to see my latest projects and unfinished website.
Reply
#5
Ironically, I was trying to find an secure cert for the site. I might add that to the site when I have the time.
Thanks for providing Let's Encrypt >u<
[Image: princess_luna_signature__testing__by_gru...5fgbio.png]
Status: Calming down and slowing down. Been busy almost 24/7.
"Reach your dreams to your highest potential!"
~John Jerome "Wishdream" Romero~
Reply
#6
I don't see how HTTPS would make a forum more "attractive" and feeling safer is total BS unless you are safer. I'm not sure what there is to be safe from in any case. Also, 'noticeable overhead' is kind of dependent on what a given individual would notice. I could be wrong but the impact of that overhead would increase with an increased number of simultaneous users. I'm not against HTTPS, but I don't think it's strictly a necessity for a small fandom forum that's pretty darn quiet most of the time.
Reply
#7
(09-07-2016, 11:31 PM)Stormy Wrote:  ...Also, 'noticeable overhead' is kind of dependent on what a given individual would notice. I could be wrong but the impact of that overhead would increase with an increased number of simultaneous users. ...

Since I've been dabbling with writing web-servers on somewhat of a lower level, with more performance and cheap hardware costs in mind, the prospect of going through encrypting and decrypting for everything single request back and forth seems daunting to me.

So it's the server I have in mind, not the clients. I'd offload all the work possible onto the clients for the sake of the server, as long as it doesn't leave any security risks.
-Lex Rudera,
some knob who's just here, trying to get by, get productive, and achieve universal content.


Run off to the My Little Game Dev chat! Bounce some ideas around, or just have a friendly chat! I might even be found there.
Good company all around!
http://mylittlegamechat.com
Reply
#8
(09-07-2016, 11:31 PM)Stormy Wrote:  I don't see how HTTPS would make a forum more "attractive" and feeling safer is total BS unless you are safer. I'm not sure what there is to be safe from in any case. Also, 'noticeable overhead' is kind of dependent on what a given individual would notice. I could be wrong but the impact of that overhead would increase with an increased number of simultaneous users. I'm not against HTTPS, but I don't think it's strictly a necessity for a small fandom forum that's pretty darn quiet most of the time.

I was talking about server overhead, because if communications are encrypted then every received unit has to be decrypted and every sent unit encrypted. Both ends must do this for an encrypted connection, no? So, as the number of simultaneous users increases so does the impact of encrypting communications. I'm not knowledgeable enough to have any idea whether it's possible to leverage the client in a beneficial way in this department.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)