Secured connection to forum.



Moses
June 20th, 2017, 02:23
Hi all,

Today we made one more big step in forum security. Over the past 3 weeks I spent quite a lot of time securing our server, obtaining and installing a security certificate, upgrading the forum software and patching holes in security. The final step is to switch the forum from the unsecured HTTP web protocol to the secured HTTPS protocol.

What does it mean for you? From now on nobody can steal your password by sniffing the connection between our server and your computer. We have the same level of connection security as banks have.

I still have to do some cleanup on the forum (for some browsers and mobile phones), and then I will start securing our main site.

Yraen
June 21st, 2017, 06:49
Well done Moses. This is a huge step forward. It will help keep the 'sticky-beaks' out of the blog.

frequent
June 21st, 2017, 12:11
Well done Moses. This is a huge step forward. It will help keep the 'sticky-beaks' out of the blog.

It means nothing of the sort, assuming you think it means only logged-in users can read the general run of the mill nonsense that's posted here. All it means is that no-one can steal your password and log in as you.

cdnmatt
June 21st, 2017, 12:42
Yeah, SSL is important, and even Google now ranks sites differently depending on whether or not they blanket their site with SSL. It's extremely simplistic to activate though, and a simple free subscription to CloudFlare does the job these days. Before you had to screw around faxing your certificates of incorporation over to Thawte or Verisign in order to get granted an SSL certificate. Plus it'd cost around $250/year, include technical hassles, etc. Nowadays it's free, and takes 5 minutes to implement on any site out there.

But yes, SSL is important. Not so much for this site, as it's not like we're sharing confidential information here, but nonetheless, a good measure to take. Definitely can't hurt anything.

Moses
June 21st, 2017, 13:10
SGT doesn't use Cloudflare for SSL. Everything has been secured directly on our server, including preparation, obtaining the certificate and patching holes. That's why it took 3 weeks in total.

But now we can proudly show an A+ grade level of security :)

Yraen
June 23rd, 2017, 07:24
It means nothing of the sort, assuming you think it means only logged-in users can read the general run of the mill nonsense that's posted here. All it means is that no-one can steal your password and log in as you.

#3 @frequent
I did not mention whether the blog can be read; it is, and has been for a long time, completely open to be read, without login, by anyone interested.
But it will help to keep out the 'sticky beaks' who may be interested in collecting passwords and other personal details.

It really is like having a lock on one's front door - it will help keep people out of your house but it may not stop the determined and skilled burglar.

So, for the future, please just read what I have written without your interpretation of what you thought I meant.

cdnmatt
June 23rd, 2017, 09:25
SGT doesn't use Cloudflare for SSL. Everything has been secured directly on our server, including preparation, obtaining the certificate and patching holes. That's why it took 3 weeks in total.

Yeah, yeah, understood. I bet you're older than me, aren't you? You're older than 35, correct?

Not sure why you made it so difficult on yourself, but I definitely understand the process, and I've been through it before. In the current age though, there's absolutely no reason to make it that difficult on yourself. Cloudflare or your own signed SSL certificate, it's still the same encryption, and still supported by the same amount of browsers.

The only reason to get an SSL cert nowadays is if you're a reputable financial firm, or similar, and users need to verify that you are in fact the owner of the SSL cert.

But yeah, your site, so up to you. SSL is definitely a good move, as it will probably enhance your rankings in Google. A few years back Google came out and publicly stated they will favor sites that force connections to SSL in their rankings.



arsenal
June 23rd, 2017, 10:23
Moses wrote:
"What does it mean for you? From now on nobody can steal your password by sniffing the connection between our server and your computer. We have the same level of connection security as banks have."

This is indeed reassuring. Imagine if some imposter logged in as me and started writing nice things about The Rabbi Poxxy, Freaky or The SNP. My reputation would suffer untold damage. Haha.

frequent
June 23rd, 2017, 12:27
So, for the future, please just read what I have written without your interpretation of what you thought I meant.

If you used commonly understood phrases in commonly understood ways there would be no need to make any assumptions. A "sticky beak" does not mean, except in your fevered imagination, someone who goes around stealing people's passwords, as any Google search will show you.

frequent
June 23rd, 2017, 12:28
I bet you're older than me, aren't you? You're older than 35, correct?

So an ageist as well as an arsehole. Just what the Board needs.

bkkguy
July 4th, 2017, 19:05
Everything has been secured directly on our server, including preparation, obtaining the certificate and patching holes. That's why it took 3 weeks in total.

not everything - you need perhaps to spend a few more days to find the remaining holes that are still allowing insecure mixed content on some forum pages losing you your beloved green lock on such pages

bkkguy

Moses
July 5th, 2017, 01:47
not everything - you need perhaps to spend a few more days to find the remaining holes that are still allowing insecure mixed content on some forum pages losing you your beloved green lock on such pages

bkkguy

I know about mixed content. I have no plans to fix it - it is in past posts and appears because of pictures hosted on third-party servers (photo hosting services used by some members). For sure I could just run SQL and change http to https, with no guarantee that the posts will continue to show the pictures... so my decision is: don't fix it. Also, as per the statistics, 99.9% of users use the main page to log in, and the main page is secured.

PS: it was not just "everything", but "everything on our server" ;)
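
The trade-off described in the post above, as an added example that is not part of the original thread or the forum's own software: instead of a blind http-to-https replace, list which embedded images load over plain HTTP and rewrite only those on hosts already confirmed to serve HTTPS. The BBCode `[IMG]` syntax, the sample posts, the hostnames and the `HTTPS_VERIFIED` set are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample posts (post id, BBCode body); not real forum data.
POSTS = [
    (101, "Beach trip [IMG]http://img.photohost.example/a1.jpg[/IMG]"),
    (102, "See [URL]http://news.example/story[/URL] "
          "and [img]https://cdn.example/ok.png[/img]"),
    (103, "[IMG]http://pics.oldhost.example/x.gif[/IMG] "
          "[IMG]http://img.photohost.example/b2.jpg[/IMG]"),
]

# Assumption: hosts an admin has already checked serve the same paths over HTTPS.
HTTPS_VERIFIED = {"img.photohost.example"}

# Only embedded images are subresources; plain [URL] links are not mixed content.
IMG_TAG = re.compile(r"(\[img\])(http://[^\s\[\]]+)(\[/img\])", re.IGNORECASE)


def find_mixed_content(posts):
    """Return [(post_id, url)] for every image embedded over plain HTTP."""
    return [(pid, m.group(2)) for pid, body in posts
            for m in IMG_TAG.finditer(body)]


def hosts_by_count(findings):
    """Count insecure embeds per third-party host, to prioritise checks."""
    return Counter(urlsplit(url).hostname for _, url in findings)


def upgrade_verified(body, verified=HTTPS_VERIFIED):
    """Rewrite http -> https only for verified hosts; leave the rest untouched."""
    def repl(m):
        if urlsplit(m.group(2)).hostname in verified:
            secure = "https://" + m.group(2)[len("http://"):]
            return m.group(1) + secure + m.group(3)
        return m.group(0)  # unverified host: rewriting could break the picture
    return IMG_TAG.sub(repl, body)


if __name__ == "__main__":
    findings = find_mixed_content(POSTS)
    for host, n in hosts_by_count(findings).most_common():
        print(f"{n:3d} insecure image(s) on {host}")
    for pid, body in POSTS:
        print(pid, upgrade_verified(body))
```

Posts whose images sit on unverified hosts stay unchanged, so they keep displaying but still trigger the browser's mixed-content warning until the host is checked or the image is re-hosted.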

bkkguy
July 5th, 2017, 19:22
I have no plans to fix it - it is in past posts

I am confused as to why you would consider posts made today - after this post of yours - as being "in the past"

I will leave it to other forum users to read their browser warnings about mixed content and take their own precautions, they can also draw their own conclusions about your decision "don't fix it" and your earlier statement about having "the same level of security of connections as banks have" - and I am sure current posters, like for example Smiles, will not be concerned if/when their reputation is sullied by forum readers being infected with malware from their posts because of your cavalier attitude

bkkguy