Please add SSL to the forum

Discuss new features and functions
Posts: 4
Joined: 29 Mar 2017

Evan

Hello,

Just registered to the forum and the browser warned me that the connection is not encrypted. Hence the passwords and login credentials are sent in plain form over the internet.

Please secure the server with SSL to minimize security breaches.

Thank you
Posts: 1038
Joined: 8 May 2006

therube

(Just to point out...

That [Firefox] warning is... eh.
A non-secure login has always been & will always be, insecure.
There is nothing new, changed, or unexpected in that respect.
It is only that now it is specifically being pointed out to [Mozilla] users.

And with that, supposedly there are no "performance" reasons not to use SSL, as SSL should in fact be faster, as it's able to use speedy [SPDY].

And supposedly [& of this part I know nothing] one can get "free" certificates, self-signing, or some such...

So theoretically, these days, there should be no reason not to use SSL.)
Site Admin
Posts: 7211
Joined: 9 Dec 2007

Zenju

SSL certificates are a rip-off IMHO considering their gratuitous costs and are yet another way to make easy money with practically zero effort for the providers. (I'm not talking about EV certificates, which require at least some effort, but then demand royal payment...) Self-signing won't help to get rid of Mozilla's warning, obviously, because there is no validation from a reputable authority. So essentially it's one more software tax to pay, similar to the de facto mandatory code signing.

Anyway, all of this is not your problem. I already own an SSL certificate for freefilesync.org, but it's just not being used currently. Perhaps it's time to activate it, if only for the forum.
Posts: 2451
Joined: 22 Aug 2012

Plerry

Activating https would already do the trick of no longer having interceptable, unencrypted data traversing the Internet.
The purpose of the certificate (if any) is to assure the identity of the server being contacted.

The "problem" of using https but not having a (proper) certificate is that most modern browsers will still complain/warn about not being able to verify the identity of the server, and will discourage the user from continuing.
Apparently this "scares" some users.

For the FreeFileSync site I personally don't care much about encryption. The information that is shared here is in my view not privacy sensitive. Obviously, I use unique user credentials for each and every site I subscribe to, so I even see little opportunity for harm if my FFS forum login-data would be intercepted.
Site Admin
Posts: 7211
Joined: 9 Dec 2007

Zenju

SSL is now active. Please let me know if something broke.
Posts: 1
Joined: 4 Apr 2017

zerocool

I joined just to say that I'm impressed this happened so quickly.