This forum is served over HTTP



  • Seriously, it's 2018 and this forum isn't served over TLS. There are free certs available everywhere and tutorials for literally any webserver you could possibly think of, and it's typically stupid easy to set it up with a free Let's Encrypt cert. There is no excuse.



  • I totally agree; see, for example, https://letsencrypt.org.



  • @slitherrr said:

    Seriously, it's 2018 and this forum isn't served over TLS. There are free certs available everywhere and tutorials for literally any webserver you could possibly think of, and it's typically stupid easy to set it up with a free Let's Encrypt cert. There is no excuse.

    We are in the process of revamping our entire web site.

    Patience is a virtue...



  • Patience isn't really a factor for something like this, but I'm glad it's on the roadmap. What is the hosting situation of the forum, because if it's anything closer to the wire than a 1&1 budget hosting instance, I guarantee you it will take maybe ten minutes of work to put an ssl-terminating nginx proxy with a self-updating Let's Encrypt cert on the server's port 443 and just fix it for good without waiting for a revamp.

    It would also allow you to serve this over web-standard ports rather than having 4567 as your canonical, so you'd get double benefits.



  • I'm sure the web devs will do what's necessary and best for the community when they can. It's not just about time but about priorities and resources.



  • If they could be urged that not exposing their users to random script injections or credential-sniffing should be a priority, then I would recommend said urging. Also, maybe more relevantly to a company trying to make money, Google's SEO de-emphasizes non-HTTPS sites.



  • As I said previously, it's being worked on. I would advise you to perhaps take a look at our other communities; Facebook, Reddit or Discord, etc., if you are concerned about the level of safety and security on these forums as they are. I'm happy to provide you with the links if you like.



  • Let's wait a little bit more. In chrome at the end of 2018 each website without ssl will be noticed as "unsecured". SSL on websites are very important to me. I play a lot of MMORPGs like world of warcraft and very often I buy wow gold so websites without ssl are just dangerous for me.



  • That will actually happen with Chrome 68 which will be released this month.



  • This is really good idea, and having SSL would be easy to get too. If you want to use something like Let's Encrypt. They give free renewable SSL certificates for websites that aren't self signed, and have a good trust level. I have had no issues for my sites when using Let's Encrypt.