Canreef Aquatics Bulletin Board

Canreef Aquatics Bulletin Board (http://www.canreef.com/vbulletin/index.php)

- Q&A (http://www.canreef.com/vbulletin/forumdisplay.php?f=19)

- - Enabling HTTPS ? (http://www.canreef.com/vbulletin/showthread.php?t=121904)

Enabling HTTPS ?

Hi,

I was wondering if there was a schedule or plan to enable HTTPS for the board?

Charles

Forwarded to Titus, he may take awhile to answer. :)

Thanks :)

One of my New Year's Resolutions is to be a little more tight on my electronic security, so I went through the various forums I post on asking to turn this feature on.

Charles

Hello

Charles no because we don't do ecommerce here so there is no imminent need to have htttps. However yes there is a plan as a general upgrade but I can't specify a date.

Titus

Quote:

Originally Posted by SoloSK71 (Post 1005044)

Thanks :)

One of my New Year's Resolutions is to be a little more tight on my electronic security, so I went through the various forums I post on asking to turn this feature on.

Charles

Hi Charles,

None of the forums I frequent use https. All of the online vendors I frequent use https. I didn't think there was any need for https unless you were entering payment information. Could you explain more?

Taken from a presentation at the Chrome Developers Summit 2016 by Kayce Basques.

Quote:

HTTPS helps prevent intruders from tampering with the communications between your websites and your users’ browsers. Intruders include intentionally malicious attackers, and legitimate but intrusive companies, such as ISPs or hotels that inject ads into pages.

Intruders exploit unprotected communications to trick your users into giving up sensitive information or installing malware, or to insert their own advertisements into your resources. For example, some third parties inject advertisements into websites that potentially break user experiences and create security vulnerabilities.

Intruders exploit every unprotected resource that travels between your websites and your users. Images, cookies, scripts, HTML … they’re all exploitable. Intrusions can occur at any point in the network, including a user’s machine, a Wi-Fi hotspot, or a compromised ISP, just to name a few.

Quote:

HTTPS prevents intruders from being able to passively listen to communications between your websites and your users.

One common misconception about HTTPS is that the only websites that need HTTPS are those that handle sensitive communications. Every unprotected HTTP request can potentially reveal information about the behaviors and identities of your users. Although a single visit to one of your unprotected websites may seem benign, some intruders look at the aggregate browsing activities of your users to make inferences about their behaviors and intentions, and to de-anonymize their identities. For example, employees might inadvertently disclose sensitive health conditions to their employers just by reading unprotected medical articles.

Charles

Thanks Charles. Though I don't know what most of that means. :lol:

The quick summary is that HTTPS protects more than just e-commerce.

It means it would be harder for someone's account to be hacked, and if people wanted to pass on PayPal OT Interac payments through PM's they would be secure while doing so.

It means that a malicious ad provider could not inject their ads instead of the ones the forum sponsors pay for.

Charles

Lost me... :biggrin:

What would the site use it for?
Isen't this a node.js thing? Where you require("https") and then set to a variable and extract something from a website like the weather or something