OSDev.org

The Place to Start for Operating System Developers
It is currently Tue Nov 21, 2017 6:07 am

All times are UTC - 6 hours




Post new topic Reply to topic  [ 11 posts ] 
Author Message
 Post subject: Why isn't the wiki/forum using HTTPS ?
PostPosted: Tue Jun 27, 2017 12:03 pm 
Offline

Joined: Tue Jun 13, 2017 12:37 pm
Posts: 11
Hi, I've noticed that the forum doesn't use any kind of protection. Why not add HTTPS, via Let's encrypt for example ?


Top
 Profile  
 
 Post subject: Re: Why isn't the wiki/forum using HTTPS ?
PostPosted: Tue Jun 27, 2017 12:50 pm 
Offline
Member
Member
User avatar

Joined: Tue Aug 02, 2016 1:52 pm
Posts: 286
Location: East Riding of Yorkshire, UK
orion40 wrote:
Hi, I've noticed that the forum doesn't use any kind of protection. Why not add HTTPS, via Let's encrypt for example ?

viewtopic.php?f=6&t=30881

_________________
com.sun.java.swing.plaf.nimbus.InternalFrameInternalFrameTitlePaneInternalFrameTitlePaneMaximizeButtonWindowNotFocusedState
Compiler Development Forum


Top
 Profile  
 
 Post subject: Re: Why isn't the wiki/forum using HTTPS ?
PostPosted: Tue Jun 27, 2017 1:03 pm 
Offline
Member
Member
User avatar

Joined: Wed Jul 13, 2011 7:38 pm
Posts: 526
Location: Victoria, Canada
No one's gotten around to it.

That's really about it.

_________________
The good thing about Unix is when it screws up, it does so very quickly.


Top
 Profile  
 
 Post subject: Re: Why isn't the wiki/forum using HTTPS ?
PostPosted: Tue Jun 27, 2017 6:05 pm 
Offline
Member
Member
User avatar

Joined: Sat Dec 27, 2014 9:11 am
Posts: 863
Location: Maadi, Cairo, Egypt
orion40 wrote:
Why not add HTTPS, via Let's encrypt for example ?

Because my OS and most other OSes with networking here have HTTP but don't have HTTPS support. ;)

_________________
Byte me; OS site, source code.
You know your OS is advanced when you stop using the Intel programming guide as a reference.


Top
 Profile  
 
 Post subject: Re: Why isn't the wiki/forum using HTTPS ?
PostPosted: Wed Jun 28, 2017 12:47 pm 
Offline

Joined: Tue Jun 13, 2017 12:37 pm
Posts: 11
matt11235 wrote:
http://forum.osdev.org/viewtopic.php?f=6&t=30881


Thanks for the link, I did a quick search, but didn't found anything. So basically, until the admin pops out of nowhere, this is not going to change ?

omarrx024 wrote:
Because my OS and most other OSes with networking here have HTTP but don't have HTTPS support. ;)


Well I guess you're joking, but I'll add more thought anyway: no HTTPS mean passwords and authentification cookies sent in clear text. Who care about your OSdev account ? Probably no one, but your username/password is probably reused several time on other services. Like your email, which hold the key to all your other accounts.
Then there's all kind of nasty redirection, and overall disruption you can cause without HTTPS.

Hell, even donations to get a certificate, I'm sure a few people would be ready to give a dollar or two for that (me included).


Top
 Profile  
 
 Post subject: Re: Why isn't the wiki/forum using HTTPS ?
PostPosted: Wed Jun 28, 2017 6:16 pm 
Offline
Member
Member
User avatar

Joined: Thu Jul 12, 2012 7:29 am
Posts: 718
Location: Tallinn, Estonia
orion40 wrote:
but your username/password is probably reused several time on other services. Like your email


Corollary: do NOT reuse your password on mulitple websites. Use generated passwords.

_________________
Learn to read.


Top
 Profile  
 
 Post subject: Re: Why isn't the wiki/forum using HTTPS ?
PostPosted: Fri Jun 30, 2017 10:51 pm 
Offline
Member
Member
User avatar

Joined: Tue Mar 06, 2007 11:17 am
Posts: 1019
I generate passwords by crazily typing randomly and then I don't even need to see the password again, only store it where nobody else would search it in my house.

I also use my cell phone frequently instead of a password.
I use a cell phone as a password for all of the websites I can.
It could be safer sometimes because nobody would have a password and would need my cell phone to log into a website that can use it to recover the account.

_________________
Image http://www.archefire.org/_PROJECTS_/ (udocproject@yahoo.com)

YouTube Development Videos:
http://www.youtube.com/user/AltComp126/videos

Current IP address for hosts file (all subdomains):
190.150.9.244 archefire.org


Top
 Profile  
 
 Post subject: Re: Why isn't the wiki/forum using HTTPS ?
PostPosted: Sat Jul 01, 2017 12:54 am 
Offline
Member
Member
User avatar

Joined: Tue Aug 02, 2016 1:52 pm
Posts: 286
Location: East Riding of Yorkshire, UK
~ wrote:
I generate passwords by crazily typing randomly and then I don't even need to see the password again, only store it where nobody else would search it in my house.

I also use my cell phone frequently instead of a password.
I use a cell phone as a password for all of the websites I can.
It could be safer sometimes because nobody would have a password and would need my cell phone to log into a website that can use it to recover the account.


How do you use a cell phone as a password? Do you mean you're using 2 factor auth?

_________________
com.sun.java.swing.plaf.nimbus.InternalFrameInternalFrameTitlePaneInternalFrameTitlePaneMaximizeButtonWindowNotFocusedState
Compiler Development Forum


Top
 Profile  
 
 Post subject: Re: Why isn't the wiki/forum using HTTPS ?
PostPosted: Sat Jul 01, 2017 7:49 am 
Offline
Member
Member
User avatar

Joined: Tue Mar 06, 2007 11:17 am
Posts: 1019
For example in Yahoo I have two factor disabled.

When I log in normally I add my cell phone as a means to recover my account.

When I log in again, I use the option to recover the account instead of logging in normally with a password, as if I would have forgotten it. Then it just sends me an SMS with a random code and I use all that as a way to log in instead of using a password.

I still write down the new password just in case I need it.

_________________
Image http://www.archefire.org/_PROJECTS_/ (udocproject@yahoo.com)

YouTube Development Videos:
http://www.youtube.com/user/AltComp126/videos

Current IP address for hosts file (all subdomains):
190.150.9.244 archefire.org


Top
 Profile  
 
 Post subject: Re: Why isn't the wiki/forum using HTTPS ?
PostPosted: Sat Jul 01, 2017 2:09 pm 
Offline
Member
Member
User avatar

Joined: Wed Mar 21, 2012 3:01 pm
Posts: 920
omarrx024 wrote:
orion40 wrote:
Why not add HTTPS, via Let's encrypt for example ?

Because my OS and most other OSes with networking here have HTTP but don't have HTTPS support. ;)

I'm sorry to hear that. Might I suggest libressl? I ported it in 2014 before many systems and they merged the portability fixes I sent them afterwards. It basically works out of the box with no configuration of mine, and passes almost all badssl.com tests.

Viva SSL libre!


Top
 Profile  
 
 Post subject: Re: Why isn't the wiki/forum using HTTPS ?
PostPosted: Sat Aug 12, 2017 3:14 pm 
Offline
Member
Member

Joined: Wed Aug 09, 2017 7:37 am
Posts: 80
HTTPS should be added for many reasons

= People give more trust to websites with HTTPS (or the padlock).
= Encrypted connections are important. It stops sniffing (MITM attacks) as well as giving a good level of privacy.
= Google likes it.

= There is no reason not to. All you need to do is play with Apache. I tried it once when I was into web development (way back before my journey of advanced programming). Mozilla and EFF made Lets Encrypt (and I like those organizations. you can believe what they say because they don't get money).


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 11 posts ] 

All times are UTC - 6 hours


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group