Quote:
Originally Posted by CDR DPH
Are there any plans to implement https (or get it working again)?
Not a lot of personal info at risk here but we are submitting passwords at login. A serious website that doesn't offer https connections is a rarity these days.
Rgds.
I agree.
With "Let's Encrypt" certificates there is really no excuse today to not use SSL encryption.
You can get a "Let's Encrypt" certificate for free:
https://letsencrypt.org/
https://en.wikipedia.org/wiki/Let%27s_Encrypt
Also, if I enter https:// in front of the forum URL, I get a certificate error because the certificate used is only for the domains server.subsim.com and www.server.subsim.com, but not www.subsim.com.
You can try it on your own, this is the link:
https://www.subsim.com/radioroom/index.php
And this is the error message:
SSL_ERROR_BAD_CERT_DOMAIN
Without SSL, passwords can be read in cleartext and thus accounts can be stolen.
If an intruder has the accounts, he also has the email address related to the account, and then the email address will be used for spam.
This should really be changed, and because the server is also communicating with people from the EU, it is also a must according to the "General Data Protection Regulation", which is a law where violating it can get very expensive. Even if the server is not in the EU.
Read here for more information:
https://en.wikipedia.org/wiki/Genera...ion_Regulation
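
Added example (not part of the original post): a simplified version of the hostname check a browser performs against a certificate's DNS names, showing why the certificate described above produces SSL_ERROR_BAD_CERT_DOMAIN for www.subsim.com. The function names are hypothetical, the first name list comes from the post, and the wildcard entry is a constructed alternative, not the site's actual certificate.

```python
# Simplified dNSName matching in the style of RFC 6125 (illustration only).
# Real clients also handle internationalized names and IP address entries.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")

def san_matches(hostname, san):
    """Return True if one certificate DNS name covers the hostname."""
    host, pattern = _labels(hostname), _labels(san)
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        # Wildcard only as the whole leftmost label, and never directly
        # under a top-level domain (at least three labels required).
        return len(pattern) >= 3 and host[1:] == pattern[1:]
    return host == pattern

def cert_covers(hostname, sans):
    """Return True if any name in the certificate covers the hostname."""
    return any(san_matches(hostname, s) for s in sans)

# Names the post says the served certificate is valid for.
CERT_SANS = ["server.subsim.com", "www.server.subsim.com"]
# Constructed alternative: a wildcard entry (not the site's real certificate).
WILDCARD_SANS = ["*.subsim.com"]

if __name__ == "__main__":
    for host in ("www.subsim.com", "server.subsim.com", "subsim.com"):
        print(f"{host:22} served cert: {cert_covers(host, CERT_SANS)!s:5} "
              f"wildcard: {cert_covers(host, WILDCARD_SANS)}")
```

A wildcard entry would cover www.subsim.com but still not the bare subsim.com, so a certificate for the forum would need to list every hostname visitors actually use.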