Werr da https support be @?

[dudclub55]

Title, does this website offer https support?

[sivispacem]

I think there's been discussion about implementing TLS but I don't know if any final decision (or a decision of any kind for that matter) has been made on it. Might be worth people chipping in with their views in this thread?

[Spider-Vice]

What else would TLS save you from? It makes logins safer and sending of important information, but how is browsing/posting a concern for such security needs?

[Franceska]

Don't see why https should be implemented. Seems just for a waste of money, unless you introduce a social networking, GTAF bank, or anything else with really sensitive personal information.

 

Like Spider said, it only protects you in the login process. But GTAF has been around quite the time so I don't think even this is a concern now.

 

I vote no for https support.

[Peter]

Implementing TLS has many advantages. In fact, we're considering adding certificates for the IRC network.

 

Anyone who is on the same WiFi network as you can intercept a request. Your ISP can intercept your request, and so can your school, work or any of the proxy servers in between.

 

Intercepting a request is bad because it allows them to tamper with the page. They can not just steal your password, but they can also insert advertisements, change the content on the page (censorship) or make a record of exactly what you've been doing on which websites. It's easy to learn quite a lot about someone, that way. In the near future, new (and some current!) Web Platform features may not be available to non-https sites anymore either. It also boosts search engine rankings.

 

You're right in saying that most things on GTAForums are not particularly sensitive. It's also a big pain to set up, especially when using certain CDNs. But I strongly argue it's worth it.

 

I can't talk for GTAForums, but this is definitely worth considering.

Edited September 29, 2014 by Peter

[Svip]

SSL certificates can be obtained rather cheaply for small sites. But it's really not a huge expense, if you find the right provider.

 

Actually, there is no reason now not to do it.

Edited September 29, 2014 by Svip

[err5]

I'm aware of the fact I'm bumping an almost 2 year old thread, but I see no point in creating a new one. Especially since I'd like to clarify some things.

 

 

Don't see why https should be implemented. Seems just for a waste of money, unless you introduce a social networking, GTAF bank, or anything else with really sensitive personal information.

Some private messages may contain sensitive information. They're supposed to be private, after all.

Furthermore, no matter how strong my password could be, there's still a chance of intercepting it and breaking into my account. I wouldn't like to be associated with trolling/insulting/whatever a cracker could do.

There's even a bigger chance of that happening when using anonymity networks, which would be nice to use when connecting in untrusted places that I don't want to associate me with the forum or just to hide my location.

Despite me referring to myself, this can happen to everyone.

 

 

I think there's been discussion about implementing TLS but I don't know if any final decision (or a decision of any kind for that matter) has been made on it.

Also, has it been discussed, whether to use a free Let's Encrypt certificate ? This is the only thread I could find.