Force HTTPS on forum
#1
Exclamation 
As of right now, the website can be visited without HTTPS (http://forum.pine64.org). This is a major security risk as it's possible to steal cookies over the network.
Find me in the forest, when I'm at my lowest. I don't really think you should continue..

HOLD YOUR BREATH.
  Reply
#2
Pretty sure we've been down this road.

If you are so worried, don't use it.  (Does your "s" key work? Smile )

Some of us want the "scary insecure" way to do it.
  Reply
#3
(03-02-2021, 02:49 AM)KC9UDX Wrote: If you are so worried, don't use it.

It also breaks the website in some way as well (e.g. recent alerts)

See attachment.


Attached Files Thumbnail(s)
   
Find me in the forest, when I'm at my lowest. I don't really think you should continue..

HOLD YOUR BREATH.
  Reply
#4
A static web site with no accounts might be fine on HTTP.

Otherwise, HTTPS -- "This is the way".

Yes, on the forums (and any other part of Pine64 community or store) that has an account HTTPS must be being enforced. This is for security.

CORS is a separate issue.
  Reply
#5
We had a long discussion on this a while back, but I can't find it because the search here stinks.

Mandatory self-security for the sole sake of self-security isn't really necessary. Not on the forum. The store, yes. Forum, no.

Last time, I probably likened this to the mandatory use of electronic stability systems in cars. If it makes you feel safer, by all means you do it. But there's really no need to force everyone to. Know you limits, take responsibility for yourself. Obviously, don't use the same password here that you use for your Bitcoin wallet. But hey even if you do, you know the risk. If you don't know the risk, you shouldn't be online.
  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Why are you using MyBB for this forum? notramo 3 179 11-25-2022, 04:04 PM
Last Post: slondr
Lightbulb Add a dark theme for the forum? cowsay 1 292 08-31-2022, 10:13 AM
Last Post: commiecam
Exclamation Why still force us on paypal Jantje 21 3,543 07-24-2022, 12:44 PM
Last Post: zetabeta
  Broken forum? arno_nuehm 16 4,092 03-12-2022, 03:00 AM
Last Post: arno_nuehm
  How to delete my Pine64 forum account Scooterman 1 1,082 12-09-2021, 07:50 AM
Last Post: tophneal
  Forum account problems diederik 3 1,556 11-19-2021, 02:44 PM
Last Post: Arwen
  pine64 forum annoying diplay on mobiles / PinePhone mob 2 1,507 11-12-2021, 07:16 PM
Last Post: bcnaz
  Create a marketplace forum ajawadmahmoud 4 2,075 10-23-2021, 02:49 AM
Last Post: igorp
  Disappearing forum alerts dsimic 3 2,195 04-20-2021, 09:24 PM
Last Post: dsimic
  Extra newlines in forum post TRS-80 5 2,787 02-26-2021, 09:47 PM
Last Post: KC9UDX

Forum Jump:


Users browsing this thread: 1 Guest(s)