https

Home Forums General Feedback & Suggestions https

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • February 17, 2017 at 7:35 pm #4656
    mattiejas
    Keymaster

    I’ve reconfigured the website to use https. The old http links will keep working but everything will be redirected to https.

    For the time being I’ve disabled caching as I got strange errors when I left it enabled, but I’ll try to re-enable it again in a few days.

    February 18, 2017 at 8:07 am #4663
    Roofstone
    Participant

    Yes I know some of these words. Like “the”.

    You know best boss, change whatever you wanna change. 🙂

    February 18, 2017 at 11:27 am #4679
    mattiejas
    Keymaster

    LOL 😀 In layman’s terms, any naughty folks snooping the internet will no longer see the raw content whenever you use the website (e.g. when you type your password). Instead they’ll see some random garbled strings. It’s considered a good thing; see for instance:

    https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html

    February 18, 2017 at 11:28 am #4680
    mattiejas
    Keymaster

    Oh, I’ve re-enabled caching; seems to work – if you still notice any issues please do give a shout.

    February 18, 2017 at 1:09 pm #4685
    jeffrey
    Participant

    Well i hope our passwords where not send in plain text to begin with ;p
    But it seems to work fine now mattie 🙂 gj

    February 18, 2017 at 7:14 pm #4689
    mattiejas
    Keymaster

    Yeah, I wish so too jeff… Most webhosts charge quite a bit extra for SSL, so I’m glad that siteground finally made this available on their cheapest plan too.

    Anyway, if you ever wanted to change your password on the website, now is a good time!

    February 18, 2017 at 8:55 pm #4691
    jeffrey
    Participant

    I did not mean the ssl encryption, i meant like a password hash. So that password are not send in plain text but as ‘random’ characters ;p It would be realy bad if that was not the case.
    But i was just joking man, a framework like this should have this covert.

    February 25, 2017 at 12:09 pm #4803
    83427
    Participant

    if you mean MD5 its already hacked. i can decode your MD5 passowrd in seconds….

    http://www.md5online.org/

    anyway how you said. its already fixed here so have no fear 😉

    February 25, 2017 at 12:44 pm #4804
    jeffrey
    Participant

    Haha, to realy get into the topic: more or less yeah, not MD5 becouse it’s been bad a view years now.
    Hopefully it’s not SHA1 either, wich google found collisions for 2 days ago.
    MD5 (or SHA1) is not a good password hash to start with becouse its to fast, they are designed for verification of integrity. For password hashing you want to add ‘salt’ and use a good algorithm like PBKDF2, scrypt or bcrypt.
    But like i mentioned earlier, a framework like wordpress should have this done by default.
    (I think i read somewhere i uses bcrypt, but it could be wrong)

  • Author
    Posts
Viewing 9 posts - 1 through 9 (of 9 total)
  • The forum ‘Feedback & Suggestions’ is closed to new topics and replies.