Force HTTPS on forum
#1
Exclamation 
As of right now, the website can be visited without HTTPS (http://forum.pine64.org). This is a major security risk as it's possible to steal cookies over the network.
Find me in the forest, when I'm at my lowest. I don't really think you should continue..

HOLD YOUR BREATH.
  Reply
#2
Pretty sure we've been down this road.

If you are so worried, don't use it.  (Does your "s" key work? Smile )

Some of us want the "scary insecure" way to do it.
  Reply
#3
(03-02-2021, 02:49 AM)KC9UDX Wrote: If you are so worried, don't use it.

It also breaks the website in some way as well (e.g. recent alerts)

See attachment.


Attached Files Thumbnail(s)
   
Find me in the forest, when I'm at my lowest. I don't really think you should continue..

HOLD YOUR BREATH.
  Reply
#4
A static web site with no accounts might be fine on HTTP.

Otherwise, HTTPS -- "This is the way".

Yes, on the forums (and any other part of Pine64 community or store) that has an account HTTPS must be being enforced. This is for security.

CORS is a separate issue.
  Reply
#5
We had a long discussion on this a while back, but I can't find it because the search here stinks.

Mandatory self-security for the sole sake of self-security isn't really necessary. Not on the forum. The store, yes. Forum, no.

Last time, I probably likened this to the mandatory use of electronic stability systems in cars. If it makes you feel safer, by all means you do it. But there's really no need to force everyone to. Know you limits, take responsibility for yourself. Obviously, don't use the same password here that you use for your Bitcoin wallet. But hey even if you do, you know the risk. If you don't know the risk, you shouldn't be online.
  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Create a marketplace forum ajawadmahmoud 4 250 10-23-2021, 02:49 AM
Last Post: igorp
  Disappearing forum alerts dsimic 3 814 04-20-2021, 09:24 PM
Last Post: dsimic
  Extra newlines in forum post TRS-80 5 1,293 02-26-2021, 09:47 PM
Last Post: KC9UDX
  Anyone having issues with the forum? RegularGuy 11 2,350 02-16-2021, 04:21 PM
Last Post: dgdimick
  Forum issue: not receiving emails marcih 9 3,178 02-11-2021, 06:36 AM
Last Post: marcih
  Account delete on Pine64 Forum User 12599 3 3,069 01-06-2021, 09:14 PM
Last Post: moulder
  Is the forum software of Pine64 open source? Peter Gamma 2 2,124 10-07-2020, 02:38 AM
Last Post: Peter Gamma
  Please create a PineTab section in the forum eaglecup 2 3,065 07-29-2020, 12:26 PM
Last Post: JamesGrelf
  Forum issues after the cluster move Dendrocalamus64 2 2,724 06-09-2020, 05:53 PM
Last Post: Dendrocalamus64
  Suggested UX improvements for forum site Stevie-O 14 8,031 06-03-2020, 09:18 AM
Last Post: lot378

Forum Jump:


Users browsing this thread: 1 Guest(s)