9 replies to this topic

[Backpacker]

I should have asked this years ago. I was wondering why this entire site does not utilize https:// for secure connections. It's a standard practice nowadays and I respectfully would expect a site such as this to utilize https since its beginning.

 

Every time a user logs in here, their login credentials are not securely transmitted and anyone (i.e. NSA, government, bad guys, etc.) who knows how can see what others are doing.

 

Just a friendly inquiry.

[Molly B.]

This is planned with the upcoming upgrade.

[InterestedBystander]

This is planned with the upcoming upgrade.

Any more info on the timing for this? HTTP is often mentioned in similar posts as well as fixing the things that no longer work or are kept going with some twine and chewing gum ;-). We've seen it mentioned but not much more.

Nov to Jan probably not good for veto session and end of GA. Jan to May not good for all the legislative activity.

Any plans to perhaps let some folks beta test drive it? Assuming it's a board version upgrade which may be significant changes depending on how many levels different...and just maybe I have one other little pet peeve besides HTTPS ;-)

I assume the IT group has a back-up and back-out plan in place as these things can be tricky regardless of how much planning.

Edited by InterestedBystander, 21 July 2018 - 06:16 PM.

[Molly B.]

Progress continues, yes, it's very complicated.  Trying to clean somethings up beforehand so that we don't carry them over with the upgrade. I would hope to see the upgrade complete sometime this summer.

[chicagoresident]

For everyone that asks would it help to do a membership drive to pay the cost of an SSL certificate? I'd be happy to chip in when the time comes.

[WitchDoctor]

For everyone that asks would it help to do a membership drive to pay the cost of an SSL certificate? I'd be happy to chip in when the time comes.

Me too!

[InterestedBystander]

For everyone that asks would it help to do a membership drive to pay the cost of an SSL certificate? I'd be happy to chip in when the time comes.

Me too!

This has been offered multiple times in the prior "HTTPS" threads so it sounds like that part should be covered one way or another.

[RoadyRunner]

I know where to get SSL carts for less than $15/yr (depending on how long - https://www.garrison...s/alphassl.html) - and with a small script you can get them for free from LetsEncrypt as well....

Adding SSL should not need an upgrade.

Adding SSL should not be optional. Heck, Google has long downranked sites purely because they are not SSL. The next version of Chrome will display (âSite is not secureâ) when accessing non-SSL sites.

I am happy to offer tech help for this upgrade - since security, crypto and SSL is my day job....

Edited by RoadyRunner, 25 July 2018 - 06:08 AM.

[Trevis]

Any update on this? In the current climate of the internet, SSL is pretty much essential.

[InterestedBystander]

Progress continues, yes, it's very complicated.  Trying to clean somethings up beforehand so that we don't carry them over with the upgrade. I would hope to see the upgrade complete sometime this summer.

Any update on this? In the current climate of the internet, SSL is pretty much essential.

I expect the board activity to increase quite a bit in mid-January with putting in a new governor and legislature. Also post election and during fall veto session.

I would hope to see the board upgrade to new version before mid-Jan maybe even giving us a chance to beta test and provide some feedback.

Maybe the admins or some of the tech guys testing could provide an update and a guess on dates?

Edited by InterestedBystander, 23 October 2018 - 05:59 AM.