Force HTTPS on forum
#1
Exclamation 
As of right now, the website can be visited without HTTPS (http://forum.pine64.org). This is a major security risk as it's possible to steal cookies over the network.
Find me in the forest, when I'm at my lowest. I don't really think you should continue..

HOLD YOUR BREATH.
  Reply
#2
Pretty sure we've been down this road.

If you are so worried, don't use it.  (Does your "s" key work? Smile )

Some of us want the "scary insecure" way to do it.
  Reply
#3
(03-02-2021, 02:49 AM)KC9UDX Wrote: If you are so worried, don't use it.

It also breaks the website in some way as well (e.g. recent alerts)

See attachment.


Attached Files Thumbnail(s)
   
Find me in the forest, when I'm at my lowest. I don't really think you should continue..

HOLD YOUR BREATH.
  Reply
#4
A static web site with no accounts might be fine on HTTP.

Otherwise, HTTPS -- "This is the way".

Yes, on the forums (and any other part of Pine64 community or store) that has an account HTTPS must be being enforced. This is for security.

CORS is a separate issue.
  Reply
#5
We had a long discussion on this a while back, but I can't find it because the search here stinks.

Mandatory self-security for the sole sake of self-security isn't really necessary. Not on the forum. The store, yes. Forum, no.

Last time, I probably likened this to the mandatory use of electronic stability systems in cars. If it makes you feel safer, by all means you do it. But there's really no need to force everyone to. Know you limits, take responsibility for yourself. Obviously, don't use the same password here that you use for your Bitcoin wallet. But hey even if you do, you know the risk. If you don't know the risk, you shouldn't be online.
  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Forum Recommendations for Pine64 support? backwoodstech2 0 767 02-04-2024, 07:12 PM
Last Post: backwoodstech2
  star64 bootable images, u-boot, sbi, forum? hexdump 2 1,906 12-06-2023, 09:47 PM
Last Post: faultyforelimb
Exclamation Why still force us on paypal Jantje 22 13,403 09-27-2023, 08:10 AM
Last Post: zetabeta
  RSS feed for the forum power46 1 1,081 08-01-2023, 02:02 AM
Last Post: ericssonmere
  Why are you using MyBB for this forum? notramo 6 6,050 05-24-2023, 07:44 PM
Last Post: Kevin Kofler
  Change the forum's software to Discourse Liz_34 11 4,738 01-25-2023, 08:04 PM
Last Post: Kevin Kofler
  Own sub for PineBuds Pro to this forum Liz_34 0 1,016 01-12-2023, 12:04 PM
Last Post: Liz_34
Lightbulb Add a dark theme for the forum? cowsay 1 1,328 08-31-2022, 10:13 AM
Last Post: commiecam
  Broken forum? arno_nuehm 16 10,834 03-12-2022, 03:00 AM
Last Post: arno_nuehm
  How to delete my Pine64 forum account Scooterman 1 2,042 12-09-2021, 07:50 AM
Last Post: tophneal

Forum Jump:


Users browsing this thread: 1 Guest(s)