Subaru BRZ Forum banner

1 - 4 of 4 Posts

·
Registered
Joined
·
3 Posts
Discussion Starter #1
Howdy,

The site should provide an HTTPS endpoint, which will help protect login details. Right now when you login to the site you do so via a form submission over HTTP.

This is insecure and violates best practices for modern websites. Let's Encrypt provides free certificates, so it should be a relatively simple thing to setup assuming the
web server hosting the site is running Linux.

Cheers
 

·
Subaru BRZ Forum Admin
Joined
·
124 Posts
It's been a work in process for the last little while. It's never been on before, since everything that is being typed here is going to a public forum that can be read by anyone, and we have zero eCommerce going on, its never been a high priority.

That being said, we are working on it but there have been a lot of bugs turning up whenever it's attempted. Most of the bugs have to do with the site interacting with off-site information, like links, youtube videos, or embedded images from hosting sites. Techs are continuing to work on implementation though

Kevin
 

·
Registered
Joined
·
3 Posts
Discussion Starter #3
Thanks Kevin!

The main thing it's important for is to protect the login credentials that people use. While everyone should always use a unique password on every website, many people reuse passwords and because of the information leak it could be added to password lists that are tried against other sites.

The issue you're running into with the other items is that once a site is HTTPS, all the things loaded must also be done via HTTPS. If you have a "mixed-security page" most browsers treat is as being broken, especially if you enforce HSTS. Most major services now provided HTTPS endpoints, so this is mostly a job of fixing the page generation code to use https instead of http ahead of the embedding links.

Let me know if you want some assistance. This type of stuff is what I do for a living.
 
1 - 4 of 4 Posts
Top