possibility of switching the site over to HTTPS?

Started by mourningdove, November 20, 2016, 12:58:50 AM

Previous topic - Next topic

mourningdove

Just wondering. Not sure of what all that would entail.

Kizzie

Hi Mourningdove - Actually I have no idea if that's possible or even why it might be desirable in that I am not an IT person.  I just manage the basics of this site and go to OOTF admin team when something is beyond me.  I have no idea either of what that would entail, but also not why it might be an improvement due to my limited knowledge/skills.   

mourningdove

Hi Kizzie,  I am certainly not a tech person either, so i will paste from Wikipedia rather than fumble around with my own words trying to explain what it is and why it would be desirable:

QuoteIn its popular deployment on the internet, HTTPS provides authentication of the website and associated web server with which one is communicating, which protects against man-in-the-middle attacks. Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with or forging the contents of the communication.[6] In practice, this provides a reasonable guarantee that one is communicating with precisely the website that one intended to communicate with (as opposed to an impostor), as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party.

Historically, HTTPS connections were primarily used for payment transactions on the World Wide Web, e-mail and for sensitive transactions in corporate information systems. In the late 2000s and early 2010s, HTTPS began to see widespread use for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.
https://en.wikipedia.org/wiki/HTTPS

Thanks for reading. :)


Kizzie

 :aaauuugh:  lol.  I can't speak to this,  but I will put it to our awesome and always patient helper from OOTF -- Eclipse. We may  already have this kind of protection in place I don't know, but perhaps he can shed some light on the matter.  :Idunno:

meursault

I think it's fairly straight forward to do, for someone who already can administer this stuff.  Looks like you're hosted on GoDaddy, and they provide certificates for secure http.  They have step by step instructions on how to do it.  I look at it, and it seems like it makes sense, so probably someone who knows what they're doing could do it pretty easily.  I think it's little more than going into the host account settings and changing some options.

Meursault

Kizzie


eclipse

Yes this is something we're long overdue to do. We actually already bought the site security license (SSL) and then I failed spectacularly to get it properly set up for the message boards, then I got distracted and never got back to it. Let me double down to see if I can get it done before the end of the year.


Three Roses

Eclipse, you are one of the people who works behind the scenes, keeping everything running smoothly and we appreciate you so much! :wave:


Kizzie

Tks Eclipse and to you as well Mourningdove for bringing this to our attention  :thumbup:

mourningdove

As of Firefox version 51, a pop-up message appears at login on OOTS that says this:

QuoteThis connection is not secure. Logins entered here could be compromised.   

Just wanted to let you all know.


Kizzie


Blueberry

Yeah, I got a pop-up message like that today too.

Kizzie

Unfortunately we have lost our IT guy so I have asked over at OOTF to see if I can get a hand with issues like this. 

Kizzie

We're getting some glitches because OOTS needs to be updated to the latest version of SMF. I am still looking for some IT help with that since we lost our former guru, but no joy so far. So little glitches may pop up until then - apologies, we'll have to hang in there until I can locate some help.