Meta: Why no https for login?

Started by quickshot, April 12, 2019, 01:35:03 PM

Previous topic - Next topic

quickshot

This is a forum meta bug: Why do we have to send our login credentials unencrypted (via http, instead of https)?

Phil Harvey

#1
Well, for one thing I'm not running an https server on this machine.

But I don't know if SMF is able to do this.

- Phil

Edit: Also, I think this would require me to get a certificate for the HTTPS server, which I know would be a pain in the ass because it has a limited lifetime and would have to be updated regularly.
...where DIR is the name of a directory/folder containing the images.  On Mac/Linux/PowerShell, use single quotes (') instead of double quotes (") around arguments containing a dollar sign ($).

stephane-gourichon

Hi all, hi Phil.

Big thanks for making exiftool and maintaining it. Been using it for a long time, it is very comprehensive (and thanks for citing Saint-Exupéry and the need to keep things minimal).
I just subscribed to the forum and browsed a little before I'll talk about what motivates my visit here (hint: write some external code that provides higher level features on top of exiftool).

Quote from: Phil Harvey on April 15, 2019, 07:31:40 AM
Well, for one thing I'm not running an https server on this machine.

But I don't know if SMF is able to do this.

Yes, it is able, see for example Re: Is it possible to make your forum HTTPS...? « Reply #1 on: May 17, 2017, 05:21:13 PM » With 2.0.14 it completely is.

I'm aware this is nowhere near a hint as to how to do it. Since you were able to setup SMF without https, and the main site with https, I guess you can do it.

Quote from: Phil Harvey on April 15, 2019, 07:31:40 AM
Edit: Also, I think this would require me to get a certificate for the HTTPS server, which I know would be a pain in the ass because it has a limited lifetime and would have to be updated regularly.

For my servers I use letsencrypt.org and am satisfied. After the initial setup it can update itself for an unlimited period of time.

From their home page:

> Let's Encrypt is a free, automated, and open Certificate Authority.

Oh, I see you already use it for the main site. Maybe "great minds think alike". :-)

Thanks again and keep up the good work!

Phil Harvey

The main site is Linux and I'm not the administrator for that system.  This forum is on my Mac.
...where DIR is the name of a directory/folder containing the images.  On Mac/Linux/PowerShell, use single quotes (') instead of double quotes (") around arguments containing a dollar sign ($).

Jom

QuoteThis forum is on my Mac
Does it never turn off? Just at home on the table?

Phil Harvey

It's the Mac on my desk at Queen's.  It never turns off.

See this old picture (I have a new computer and monitor now, but the desk is the same).

- Phil
...where DIR is the name of a directory/folder containing the images.  On Mac/Linux/PowerShell, use single quotes (') instead of double quotes (") around arguments containing a dollar sign ($).

quickshot

For what's worth: Today I have HTTPS. Certificate signed by "Let's Encrypt Authority X3"... ;-) Thank whoever did it!

Phil Harvey

Yes.  I retired from Queen's University so I moved the forum to Dreamhost.  Their server supports https.

- Phil
...where DIR is the name of a directory/folder containing the images.  On Mac/Linux/PowerShell, use single quotes (') instead of double quotes (") around arguments containing a dollar sign ($).