[Website] SSL and Security Improvements

#1

  1. Please add SSL. Almost every website these days forces HTTPS, and it's easier than ever to get an SSL certificate. What's more, many programs and websites will default to https when a user types a domain without any prefix, which causes confusion when people click their link and receive a 401 error. By all means, use a free certificate from Let's Encrypt. It's so easy to install using the Python program Certbot, which you can install using APT on Debian and Ubuntu. They even have an additional program to automatically configure Apache and Nginx to enable SSL and configure your websites to use your new certificate.

  2. Upgrade PHP! Upon inspection, the version of PHP being used by the server is pretty outdated. The longer this waits, the greater the chance some nefarious individual will get bored enough to launch an attack using one of the various vulnerabilities at their disposal.

Please set aside some time next month to do this. It's relatively easy, and terribly important. If I encounter any other potential vulnerabilities, I will try to be more discreet about it.


Much Love ♥,

Seathre
Reply

#2
Just because somebody does something, or because it's easy to do it, does not make sense to do the same.
(Also, Let's Encrypt only looks easy. Did you do it yourself? For how long?)
Reply

#3
(01-03-2020, 11:06 AM)AnrDaemon Wrote: Just because somebody does something, or because it's easy to do it, does not make sense to do the same.
(Also, Let's Encrypt only looks easy. Did you do it yourself? For how long?)

Your argument seems a little generic. I thought you knew enough to at least agree that an SSL certificate is a good thing.

I operate a few websites, and I've used Let's Encrypt dozens of times. As long as you are comfortable with a Linux Shell, it is easy to install a certificate using Let's Encrypt via Certbot.

If not Let's Encrypt, buy a certificate from a reputable vendor. HTTPS everywhere is the future.
Reply

#4
(01-03-2020, 02:08 PM)Seathre Wrote: I thought you knew enough to at least agree that an SSL certificate is a good thing.
SSL certificate from a source trusted by both server owner and visiting client, you mean?
I do not trust Let's Encrypt. Or any other SSL CA than my own.
Reply

#5
(01-08-2020, 01:24 AM)AnrDaemon Wrote:
(01-03-2020, 02:08 PM)Seathre Wrote: I thought you knew enough to at least agree that an SSL certificate is a good thing.
SSL certificate from a source trusted by both server owner and visiting client, you mean?
I do not trust Let's Encrypt. Or any other SSL CA than my own.
   
Reply

#6
In contrast to you, I do know the technology behind SSL/TLS, certificates and such.
Reply

#7
(01-03-2020, 11:06 AM)AnrDaemon Wrote: Just because somebody does something, or because it's easy to do it, does not make sense to do the same.
(Also, Let's Encrypt only looks easy. Did you do it yourself? For how long?)

I love it when you argue with people without having any idea what you're talking about. Is there any idea you won't shit on?

I've actually used Let's Encrypt, and it took me less than five minutes to generate a free wildcard cert and put it on my server. I think your tinfoil hat might be malfunctioning here because usually paranoid people support encryption. Let's Encrypt is perfectly reputable and 100% free, so there's no downside whatsoever to Haxus securing the Hazeron website. Every common browser supports SSL/TLS, and if your computer can run Hazeron, it can run a modern web browser.
Reply

#8
(01-08-2020, 11:21 PM)AnrDaemon Wrote: In contrast to you, I do know the technology behind SSL/TLS, certificates and such.

ok boomer

Oh also, you forgot to mention my second point in the OP, so I'm gonna assume you're cool with Haxus upgrading the PHP version. I'll be awaiting your response with bated breath. :D

(01-08-2020, 01:24 AM)AnrDaemon Wrote: SSL certificate from a source trusted by both server owner and visiting client, you mean?
I do not trust Let's Encrypt. Or any other SSL CA than my own.

And y'know, I don't even care where the certificate comes from, you can generate it for all I care. I was just suggesting we get one! If you wanna have a conversation about how trustworthy Let's Encrypt is or how SSL/TLS works, we can do that in another thread. For the love of Targoss.
Reply

#9
Agreed... I'd like my data secured (logon credentials) between browser client and servers via SSL (HTTPS) and not transmitted in clear text (HTTP).
Reply

#10
I think the hardest part is going to be deciding which domain to stick with :D, since he has a bunch of domains that all work independently. He really should pick one and have the rest permanent redirect to the primary domain.
Reply


