Home › Forums › General › Feedback & Suggestions › https
- This topic has 8 replies, 4 voices, and was last updated 6 years, 1 month ago by jeffrey.
- February 17, 2017 at 7:35 pm #4656
I’ve reconfigured the website to use https. The old http links will keep working but everything will be redirected to https.
For the time being I’ve disabled caching as I got strange errors when I left it enabled, but I’ll try to re-enable it again in a few days.February 18, 2017 at 8:07 am #4663RoofstoneParticipant
Yes I know some of these words. Like “the”.
You know best boss, change whatever you wanna change. 🙂February 18, 2017 at 11:27 am #4679
LOL 😀 In layman’s terms, any naughty folks snooping the internet will no longer see the raw content whenever you use the website (e.g. when you type your password). Instead they’ll see some random garbled strings. It’s considered a good thing; see for instance:
https://security.googleblog.com/2016/09/moving-towards-more-secure-web.htmlFebruary 18, 2017 at 11:28 am #4680
Oh, I’ve re-enabled caching; seems to work – if you still notice any issues please do give a shout.February 18, 2017 at 1:09 pm #4685
Well i hope our passwords where not send in plain text to begin with ;p
But it seems to work fine now mattie 🙂 gjFebruary 18, 2017 at 7:14 pm #4689
Yeah, I wish so too jeff… Most webhosts charge quite a bit extra for SSL, so I’m glad that siteground finally made this available on their cheapest plan too.
Anyway, if you ever wanted to change your password on the website, now is a good time!February 18, 2017 at 8:55 pm #4691
I did not mean the ssl encryption, i meant like a password hash. So that password are not send in plain text but as ‘random’ characters ;p It would be realy bad if that was not the case.
But i was just joking man, a framework like this should have this covert.February 25, 2017 at 12:09 pm #480383427Participant
if you mean MD5 its already hacked. i can decode your MD5 passowrd in seconds….
anyway how you said. its already fixed here so have no fear 😉February 25, 2017 at 12:44 pm #4804
Haha, to realy get into the topic: more or less yeah, not MD5 becouse it’s been bad a view years now.
Hopefully it’s not SHA1 either, wich google found collisions for 2 days ago.
MD5 (or SHA1) is not a good password hash to start with becouse its to fast, they are designed for verification of integrity. For password hashing you want to add ‘salt’ and use a good algorithm like PBKDF2, scrypt or bcrypt.
But like i mentioned earlier, a framework like wordpress should have this done by default.
(I think i read somewhere i uses bcrypt, but it could be wrong)
- The forum ‘Feedback & Suggestions’ is closed to new topics and replies.