Results 1 to 7 of 7

Thread: TLS Support

  1. #1
    5 Star Lounger
    Join Date
    Jan 2010
    Location
    Fort McMurray, Alberta, Canada
    Posts
    652
    Thanks
    63
    Thanked 83 Times in 79 Posts

    TLS Support

    I was wondering, what are the prospects for the Windows Secrets website to support Transport Layer Security?

    It has often seemed to me a bit "weird" that this is a password protected site, yet those passwords are transmitted in plain text over the open internet! Windows Secrets content isn't exactly high security stuff, but if it's important enough to password protect, maybe HTTPS support ought to be on the To-Do list?

    And of course, there is a broader push on the internet generally to encrypt as a routine matter rather than as an exception use-case.

    https://letsencrypt.org/

  2. #2
    Silver Lounger lumpy95's Avatar
    Join Date
    Feb 2013
    Location
    Mojave Desert CA
    Posts
    2,017
    Thanks
    296
    Thanked 201 Times in 166 Posts
    Chrome list's WS as "Not Secure" in the Omnibox.

  3. #3
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,675
    Thanks
    308
    Thanked 604 Times in 503 Posts
    We don't know if there is a To-Do list, contact with those above who may be in a position to improve the site is very rare.

    I'm not sure there's a real need for the 'https everywhere' type of approach, it can break simple things like this:

    Web Security - "HTTPS Everywhere" harmful

    But, yes, a review of the site's security is overdue, imo.

  4. #4
    Silver Lounger
    Join Date
    Mar 2014
    Location
    Forever West
    Posts
    2,137
    Thanks
    0
    Thanked 266 Times in 255 Posts
    Quote Originally Posted by lumpy95 View Post
    Chrome list's WS as "Not Secure" in the Omnibox.
    Same for Firefox with its site information, have the latest.

  5. #5
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,520
    Thanks
    54
    Thanked 1,038 Times in 966 Posts
    Ads often don't play well with https so you may not see any change there, but having the login through https would be an improvement.

    cheers, Paul

  6. #6
    Lounger
    Join Date
    Dec 2009
    Location
    Ottawa, Canada
    Posts
    34
    Thanks
    7
    Thanked 1 Time in 1 Post
    It's really not very difficult to convert a vBulletin site to TLS. I've done it on 4 sites recently.

    And most ads display just fine as https:// links as long as the destination site is SSL/TSL enabled. Those that aren't should be.

    This site uses Google ads. Those are generally already scripted as //example.com which makes them compatible with either http:// or https:// connections. If not, just convert the URLs from http:// to just //.
    Last edited by djbaxter; 2017-03-19 at 01:49.
    Psychlinks Web Services
    Website Design, Management, Promotion, SEO & Local SEO

  7. #7
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,886
    Thanks
    5
    Thanked 1,103 Times in 969 Posts
    Quote Originally Posted by djbaxter View Post
    It's really not very difficult to convert a vBulletin site to TLS. I've done it on 4 sites recently.

    And most ads display just fine as https:// links as long as the destination site is SSL/TSL enabled. Those that aren't should be.

    This site uses Google ads. Those are generally already scripted as //example.com which makes them compatible with either http:// or https:// connections. If not, just convert the URLs from http:// to just //.
    Unfortunately, we have no control over the backbone software. We are given non-technical admin privileges. The site owners manage the software.
    Joe

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •