UKC

Why no HTTPS on UKC Forums?

New Topic
This topic has been archived, and won't accept reply postings.
 zebidee 07 Dec 2016
Some of the discussions on the UKC Forums can be quite charged ... with that in mind, why is encryption not enabled by default across the whole of UKC instead of just for the login page?

It would prevent snooping by employers, service providers and Theresa May on potentially damning content.

There used to be an argument against it on the basis of the performance impact upon the webserver, or the cost of the certificate itself (which UKC has anyway). Nowadays these are non-issues; server performance now vastly exceeds the impact of SSL and can in some cases provide better performance for end-users.
KevinD 07 Dec 2016
In reply to zebidee:

It wouldnt really prevent the employers. Plenty of ways round.
Service providers probably (or at least it they are playing stupid buggers be easier to spot).
May probably not with all the fun new laws.
3
 snoop6060 07 Dec 2016
In reply to zebidee:
Stop Teresa may snooping? Yeah, good luck with that. She can legally hack into your phone and computer then lie about doing so in court.
Post edited at 16:31
1
 David Barlow 07 Dec 2016
In reply to zebidee:

UKC need to move to HTTPS before Chrome marks non-HTTPS pages as insecure and Google starts pushing non-HTTPS pages down its search results: https://blog.digicert.com/google-takes-another-step-to-help-encourage-https...
 Brass Nipples 07 Dec 2016
In reply to zebidee:

There's nothing damning on these forums.
In reply to zebidee:

We're hoping to complete the move to HTTPS by the end of the year. This also involves moving to a new server since the current one only supports TLS 1.0.
 dommc 09 Dec 2016
Another issue with not using HTTPS is that the password you use to log in here travels unencrypted over the Internet, and should therefore be considered a compromised one. Not so good if the password is used on other websites as well.
In reply to dommc:

The login and user options pages have been over HTTPS for years.
 two_tapirs 09 Dec 2016
In reply to dommc:

> Another issue with not using HTTPS is that the password you use to log in here travels unencrypted over the Internet, and should therefore be considered a compromised one. Not so good if the password is used on other websites as well.

If you use the same password across other sites, the chances are you've already been part of a data breach.
A good way to check is to have a look at Troy Hunt's excellent site: https://haveibeenpwned.com
In reply to zebidee:

UKH is fully HTTPS now and you can use HTTPS on UKC if you want but it's not the default at the mo. There might be a few mixed content warnings here and there where a images are being loaded from non-HTTPS but we've corrected most of them.

We're waiting for our HTTPS CDN to come online before making UKC HTTPS as default as we don't have enough bandwidth allowance to host all the images from the main server.

New Topic
This topic has been archived, and won't accept reply postings.
Loading Notifications...