Force HTTPS on forum
#1
Exclamation 
As of right now, the website can be visited without HTTPS (http://forum.pine64.org). This is a major security risk as it's possible to steal cookies over the network.
Find me in the forest, when I'm at my lowest. I don't really think you should continue..

HOLD YOUR BREATH.
  Reply
#2
Pretty sure we've been down this road.

If you are so worried, don't use it.  (Does your "s" key work? Smile )

Some of us want the "scary insecure" way to do it.
  Reply
#3
(03-02-2021, 02:49 AM)KC9UDX Wrote: If you are so worried, don't use it.

It also breaks the website in some way as well (e.g. recent alerts)

See attachment.


Attached Files Thumbnail(s)
   
Find me in the forest, when I'm at my lowest. I don't really think you should continue..

HOLD YOUR BREATH.
  Reply
#4
A static web site with no accounts might be fine on HTTP.

Otherwise, HTTPS -- "This is the way".

Yes, on the forums (and any other part of Pine64 community or store) that has an account HTTPS must be being enforced. This is for security.

CORS is a separate issue.
  Reply
#5
We had a long discussion on this a while back, but I can't find it because the search here stinks.

Mandatory self-security for the sole sake of self-security isn't really necessary. Not on the forum. The store, yes. Forum, no.

Last time, I probably likened this to the mandatory use of electronic stability systems in cars. If it makes you feel safer, by all means you do it. But there's really no need to force everyone to. Know you limits, take responsibility for yourself. Obviously, don't use the same password here that you use for your Bitcoin wallet. But hey even if you do, you know the risk. If you don't know the risk, you shouldn't be online.
  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Disappearing forum alerts dsimic 3 240 04-20-2021, 09:24 PM
Last Post: dsimic
  Extra newlines in forum post TRS-80 5 769 02-26-2021, 09:47 PM
Last Post: KC9UDX
  Anyone having issues with the forum? RegularGuy 11 1,236 02-16-2021, 04:21 PM
Last Post: dgdimick
  Forum issue: not receiving emails marcih 9 2,371 02-11-2021, 06:36 AM
Last Post: marcih
  Account delete on Pine64 Forum User 12599 3 2,654 01-06-2021, 09:14 PM
Last Post: moulder
  Is the forum software of Pine64 open source? Peter Gamma 2 1,530 10-07-2020, 02:38 AM
Last Post: Peter Gamma
  Please create a PineTab section in the forum eaglecup 2 2,538 07-29-2020, 12:26 PM
Last Post: JamesGrelf
  Forum issues after the cluster move Dendrocalamus64 2 2,193 06-09-2020, 05:53 PM
Last Post: Dendrocalamus64
  Suggested UX improvements for forum site Stevie-O 14 6,603 06-03-2020, 09:18 AM
Last Post: lot378
Question Is there a forum for PineTab? Danct12 3 3,365 01-31-2020, 08:23 PM
Last Post: InsideJob

Forum Jump:


Users browsing this thread: 1 Guest(s)