Home › Forums › General › Feedback & Suggestions › https
- This topic has 8 replies, 4 voices, and was last updated 6 years, 6 months ago by
jeffrey.
- AuthorPosts
- February 17, 2017 at 7:35 pm #4656
mattiejas
KeymasterI’ve reconfigured the website to use https. The old http links will keep working but everything will be redirected to https.
For the time being I’ve disabled caching as I got strange errors when I left it enabled, but I’ll try to re-enable it again in a few days.
February 18, 2017 at 8:07 am #4663Roofstone
ParticipantYes I know some of these words. Like “the”.
You know best boss, change whatever you wanna change. 🙂
February 18, 2017 at 11:27 am #4679mattiejas
KeymasterLOL 😀 In layman’s terms, any naughty folks snooping the internet will no longer see the raw content whenever you use the website (e.g. when you type your password). Instead they’ll see some random garbled strings. It’s considered a good thing; see for instance:
https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
February 18, 2017 at 11:28 am #4680mattiejas
KeymasterOh, I’ve re-enabled caching; seems to work – if you still notice any issues please do give a shout.
February 18, 2017 at 1:09 pm #4685jeffrey
ParticipantWell i hope our passwords where not send in plain text to begin with ;p
But it seems to work fine now mattie 🙂 gjFebruary 18, 2017 at 7:14 pm #4689mattiejas
KeymasterYeah, I wish so too jeff… Most webhosts charge quite a bit extra for SSL, so I’m glad that siteground finally made this available on their cheapest plan too.
Anyway, if you ever wanted to change your password on the website, now is a good time!
February 18, 2017 at 8:55 pm #4691jeffrey
ParticipantI did not mean the ssl encryption, i meant like a password hash. So that password are not send in plain text but as ‘random’ characters ;p It would be realy bad if that was not the case.
But i was just joking man, a framework like this should have this covert.February 25, 2017 at 12:09 pm #480383427
Participantif you mean MD5 its already hacked. i can decode your MD5 passowrd in seconds….
anyway how you said. its already fixed here so have no fear 😉
February 25, 2017 at 12:44 pm #4804jeffrey
ParticipantHaha, to realy get into the topic: more or less yeah, not MD5 becouse it’s been bad a view years now.
Hopefully it’s not SHA1 either, wich google found collisions for 2 days ago.
MD5 (or SHA1) is not a good password hash to start with becouse its to fast, they are designed for verification of integrity. For password hashing you want to add ‘salt’ and use a good algorithm like PBKDF2, scrypt or bcrypt.
But like i mentioned earlier, a framework like wordpress should have this done by default.
(I think i read somewhere i uses bcrypt, but it could be wrong) - AuthorPosts
- The forum ‘Feedback & Suggestions’ is closed to new topics and replies.