ExifTool Forum

General => Other Discussion => Topic started by: quickshot on April 12, 2019, 01:35:03 PM

Title: Meta: Why no https for login?
Post by: quickshot on April 12, 2019, 01:35:03 PM
This is a forum meta bug: Why do we have to send our login credentials unencrypted (via http, instead of https)?
Title: Re: Meta: Why no https for login?
Post by: Phil Harvey on April 15, 2019, 07:31:40 AM
Well, for one thing I'm not running an https server on this machine.

But I don't know if SMF is able to do this.

- Phil

Edit: Also, I think this would require me to get a certificate for the HTTPS server, which I know would be a pain in the ass because it has a limited lifetime and would have to be updated regularly.
Title: Re: Meta: Why no https for login?
Post by: stephane-gourichon on August 01, 2019, 02:56:16 PM
Hi all, hi Phil.

Big thanks for making exiftool and maintaining it. Been using it for a long time, it is very comprehensive (and thanks for citing Saint-Exupéry and the need to keep things minimal).
I just subscribed to the forum and browsed a little before I'll talk about what motivates my visit here (hint: write some external code that provides higher level features on top of exiftool).

Quote from: Phil Harvey on April 15, 2019, 07:31:40 AM
Well, for one thing I'm not running an https server on this machine.

But I don't know if SMF is able to do this.

Yes, it is able, see for example Re: Is it possible to make your forum HTTPS...? « Reply #1 on: May 17, 2017, 05:21:13 PM » With 2.0.14 it completely is. (https://www.simplemachines.org/community/index.php?topic=553960.0#msg3926494)

I'm aware this is nowhere near a hint as to how to do it. Since you were able to set up SMF without https, and the main site with https, I guess you can do it.

Quote from: Phil Harvey on April 15, 2019, 07:31:40 AM
Edit: Also, I think this would require me to get a certificate for the HTTPS server, which I know would be a pain in the ass because it has a limited lifetime and would have to be updated regularly.

For my servers I use letsencrypt.org (https://letsencrypt.org/) and am satisfied. After the initial setup it can update itself for an unlimited period of time.

From their home page:

> Let's Encrypt is a free, automated, and open Certificate Authority.

Oh, I see you already use it for the main site. Maybe "great minds think alike". :-)

Thanks again and keep up the good work!
Title: Re: Meta: Why no https for login?
Post by: Phil Harvey on August 01, 2019, 04:50:18 PM
The main site is Linux and I'm not the administrator for that system.  This forum is on my Mac.
Title: Re: Meta: Why no https for login?
Post by: Jom on August 02, 2019, 04:50:15 PM
Quote:
This forum is on my Mac

Does it never turn off? Just at home on the table?
Title: Re: Meta: Why no https for login?
Post by: Phil Harvey on August 02, 2019, 06:38:03 PM
It's the Mac on my desk at Queen's.  It never turns off.

See this old picture (https://exiftool.org/forum/index.php/topic,2950.msg13237.html#msg13237) (I have a new computer and monitor now, but the desk is the same).

- Phil
Title: Re: Meta: Why no https for login?
Post by: quickshot on May 09, 2020, 03:43:01 PM
For what it's worth: Today I have HTTPS. Certificate signed by "Let's Encrypt Authority X3"... ;-) Thank whoever did it!
Title: Re: Meta: Why no https for login?
Post by: Phil Harvey on May 09, 2020, 04:19:25 PM
Yes.  I retired from Queen's University so I moved the forum to Dreamhost.  Their server supports https.

- Phil