https


Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #4656
    mattiejas
    Keymaster

    I’ve reconfigured the website to use https. The old http links will keep working but everything will be redirected to https.

    For the time being I’ve disabled caching as I got strange errors when I left it enabled, but I’ll try to re-enable it again in a few days.

    #4663
    Roofstone
    Participant

    Yes I know some of these words. Like “the”.

    You know best boss, change whatever you wanna change. :)

    #4679
    mattiejas
    Keymaster

    LOL :D In layman’s terms, any naughty folks snooping the internet will no longer see the raw content whenever you use the website (e.g. when you type your password). Instead they’ll see some random garbled strings. It’s considered a good thing; see for instance:

    https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html

    #4680
    mattiejas
    Keymaster

    Oh, I’ve re-enabled caching; seems to work – if you still notice any issues please do give a shout.

    #4685
    jeffrey
    Participant

    Well i hope our passwords where not send in plain text to begin with ;p
    But it seems to work fine now mattie :) gj

    #4689
    mattiejas
    Keymaster

    Yeah, I wish so too jeff… Most webhosts charge quite a bit extra for SSL, so I’m glad that siteground finally made this available on their cheapest plan too.

    Anyway, if you ever wanted to change your password on the website, now is a good time!

    #4691
    jeffrey
    Participant

    I did not mean the ssl encryption, i meant like a password hash. So that password are not send in plain text but as ‘random’ characters ;p It would be realy bad if that was not the case.
    But i was just joking man, a framework like this should have this covert.

    #4803
    83427
    Participant

    if you mean MD5 its already hacked. i can decode your MD5 passowrd in seconds….

    http://www.md5online.org/

    anyway how you said. its already fixed here so have no fear ;-)

    #4804
    jeffrey
    Participant

    Haha, to realy get into the topic: more or less yeah, not MD5 becouse it’s been bad a view years now.
    Hopefully it’s not SHA1 either, wich google found collisions for 2 days ago.
    MD5 (or SHA1) is not a good password hash to start with becouse its to fast, they are designed for verification of integrity. For password hashing you want to add ‘salt’ and use a good algorithm like PBKDF2, scrypt or bcrypt.
    But like i mentioned earlier, a framework like wordpress should have this done by default.
    (I think i read somewhere i uses bcrypt, but it could be wrong)

Viewing 9 posts - 1 through 9 (of 9 total)
  • The forum ‘Feedback & Suggestions’ is closed to new topics and replies.