j28791 Posted May 24, 2018 at 10:56 PM Share Posted May 24, 2018 at 10:56 PM I think it would be great is SSL could be added to the site. Especially with the environment we have around guns these days plus all the government spying that goes on. Link to comment Share on other sites More sharing options...
InterestedBystander Posted May 24, 2018 at 11:09 PM Share Posted May 24, 2018 at 11:09 PM I think it would be great is SSL could be added to the site. Especially with the environment we have around guns these days plus all the government spying that goes on.Agreed and just in general, not because of govt spying. Its been mentioned before with some of the techy types offering to help and/or pay for the certificates. Perhaps (hopefully) it will be part of the board upgrade that is being tested but IMO the time to be messing with the board would not be until we get past this spring legislative session. A significant upgrade certainly requires lots of planning from potential data conversions to backout plans, convert/load/restore times, etc. Link to comment Share on other sites More sharing options...
WitchDoctor Posted May 25, 2018 at 12:20 AM Share Posted May 25, 2018 at 12:20 AM I think it would be great is SSL could be added to the site. Especially with the environment we have around guns these days plus all the government spying that goes on.Agreed and just in general, not because of govt spying. Its been mentioned before with some of the techy types offering to help and/or pay for the certificates. Perhaps (hopefuly) it will be part of the board upgrade that is being tested but IMO the time to be messing with the board would not be until we get past this spring legislative session. A significant upgrade certainly requires lots of planning from potential data conversions to backout plans, convert/load/restore times, etc. Agreed sir! Link to comment Share on other sites More sharing options...
chicagoresident Posted May 25, 2018 at 12:31 AM Share Posted May 25, 2018 at 12:31 AM I think it would be great is SSL could be added to the site. Especially with the environment we have around guns these days plus all the government spying that goes on.Agreed and just in general, not because of govt spying. Its been mentioned before with some of the techy types offering to help and/or pay for the certificates.Perhaps (hopefuly) it will be part of the board upgrade that is being tested but IMO the time to be messing with the board would not be until we get past this spring legislative session.A significant upgrade certainly requires lots of planning from potential data conversions to backout plans, convert/load/restore times, etc.An SSL won't help with government spying, you're on a public forum where anyone can register. It's just a good security practice to prevent hijacking by malicious link farms and Spyware installers. Typically someone could man in the middle an admin password and spam the place up. This could be from a hacked home router, or other methods. SSL will encrypt traffic, but without SSL you can use a packet capture program that shows everything you're typing. Anyone that's even slightly interested by this stuff should grab a copy of Wireshark. I can name a million other ways the government can and is spying on you that you cannot do anything about. Link to comment Share on other sites More sharing options...
Euler Posted May 25, 2018 at 12:43 AM Share Posted May 25, 2018 at 12:43 AM I think it would be great is SSL could be added to the site. Especially with the environment we have around guns these days plus all the government spying that goes on. As pointed out above, this is a public forum. There's no hidden information. The only thing SSL would do is keep your Internet service provider from stealing your password. I doubt AT&T or Comcast really care. Link to comment Share on other sites More sharing options...
InterestedBystander Posted May 25, 2018 at 12:57 AM Share Posted May 25, 2018 at 12:57 AM I think it would be great is SSL could be added to the site. Especially with the environment we have around guns these days plus all the government spying that goes on.As pointed out above, this is a public forum. There's no hidden information. The only thing SSL would do is keep your Internet service provider from stealing your password. I doubt AT&T or Comcast really care. Not just the service provider but if I have to use the free wireless at the hospital or car dealership to connect, I'd much rather not have my ID and pwd exposed to anyone else on the network system snooping traffic. Link to comment Share on other sites More sharing options...
chicagoresident Posted May 25, 2018 at 01:00 AM Share Posted May 25, 2018 at 01:00 AM I would also strongly emphasize if you use the same password for this site for anything more important to immediately change that password elsewhere. Like I said before, there are some pretty easy ways to grab passwords off non SSL logins. Public Hotspots being the easiest, especially since phones often times automatically connect to them. Malicious people look for this because they know people often use the same passwords for other more secure stuff. Not just the service provider but if I have to use the free wireless at the hospital or car dealership to connect, I'd much rather not have my ID and pwd exposed to anyone else on the network system snooping traffic.Most commercial wifi equipment has packet capture built right in so all it takes is a bored IT guy to see exactly what you're browsing on a non SSL site. Link to comment Share on other sites More sharing options...
InterestedBystander Posted May 25, 2018 at 01:24 AM Share Posted May 25, 2018 at 01:24 AM I would also strongly emphasize if you use the same password for this site for anything more important to immediately change that password elsewhere.Like I said before, there are some pretty easy ways to grab passwords off non SSL logins. Public Hotspots being the easiest, especially since phones often times automatically connect to them. Malicious people look for this because they know people often use the same passwords for other more secure stuff.Not just the service provider but if I have to use the free wireless at the hospital or car dealership to connect, I'd much rather not have my ID and pwd exposed to anyone else on the network system snooping traffic.Most commercial wifi equipment has packet capture built right in so all it takes is a bored IT guy to see exactly what you're browsing on a non SSL site.Sure. It isnt the bored IT guy that concerns me as much as the guy (or gal) sitting on the other side of the hospital waiting room. But I think we are in agreement that SSL is a best practice and hopefully we will see it in the future board versions. Link to comment Share on other sites More sharing options...
drumgod Posted May 25, 2018 at 12:38 PM Share Posted May 25, 2018 at 12:38 PM I think it would be great is SSL could be added to the site. Especially with the environment we have around guns these days plus all the government spying that goes on.As pointed out above, this is a public forum. There's no hidden information. The only thing SSL would do is keep your Internet service provider from stealing your password. I doubt AT&T or Comcast really care.Not just the service provider but if I have to use the free wireless at the hospital or car dealership to connect, I'd much rather not have my ID and pwd exposed to anyone else on the network system snooping traffic. Subscribe to a VPN service or install an endpoint on your home router. All your traffic will be encrypted back to the end point and you'll have less to worry about on public access networks. Link to comment Share on other sites More sharing options...
GeekDad Posted May 25, 2018 at 06:30 PM Share Posted May 25, 2018 at 06:30 PM This is good idea. The use of SSL is considered best practice. Link to comment Share on other sites More sharing options...
j28791 Posted May 25, 2018 at 11:18 PM Author Share Posted May 25, 2018 at 11:18 PM I think it would be great is SSL could be added to the site. Especially with the environment we have around guns these days plus all the government spying that goes on.Agreed and just in general, not because of govt spying. Its been mentioned before with some of the techy types offering to help and/or pay for the certificates. Perhaps (hopefully) it will be part of the board upgrade that is being tested but IMO the time to be messing with the board would not be until we get past this spring legislative session. A significant upgrade certainly requires lots of planning from potential data conversions to backout plans, convert/load/restore times, etc. They actually offer some for free and I bet there are web developer people on this forum that can help site admins set up the SSL Link to comment Share on other sites More sharing options...
yyyz Posted May 27, 2018 at 09:21 AM Share Posted May 27, 2018 at 09:21 AM I have been using "LetsEncrypt" for the last 2 years on about 8 websites - it works great and it is free and (depending on the operating system) easy to set up. Very few requirements except that the site is both IPv4 and IPv6 compatible. Link to comment Share on other sites More sharing options...
kevintb7 Posted May 27, 2018 at 06:22 PM Share Posted May 27, 2018 at 06:22 PM 100% SSL is a basic best practice these days. Its not just ano about someone stealing your password or seeing what you type, there's way more that can go wrong. I'm one of those tech types, would be happy to help set it up. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.