Page 1 of 3 123 LastLast
Results 1 to 10 of 21
  1. Collapse Details
    This site needs SSL encryption - https
    #1
    Junior Member
    Join Date
    Sep 2005
    Location
    Las Vegas
    Posts
    29
    Default
    I haven't used this site in awhile and was surprised to find that it isn't using SSL encryption. Presently this is only an http website which is more open to hacking. Any chance this will change soon?

    Thanks
    Reply With Quote
     

  2. Collapse Details
    #2
    Senior Member jamedia.uk's Avatar
    Join Date
    Nov 2012
    Location
    Birmingham UK
    Posts
    577
    Default
    there is no need to use SSL on a site like this. What, in an open forum like this, do you need to encrypt?
    Why is DVX likely to be a target?
    Reply With Quote
     

  3. Collapse Details
    #3
    Senior Member
    Join Date
    Dec 2005
    Location
    Northern California
    Posts
    835
    Default
    Every site can be a target. Bots and meatbots hunt for insecure sites for fun and profit.

    Here's what the makers of vBulletin (on which this fine forum runs) have to say (at least as of last update in May 2017):

    CONVERTING YOUR FORUM TO HTTPS

    This FAQ explains how to convert your vBulletin forum to use secure https (SSL) rather than http, and why you might need to.

    [snip]

    WHY DO I NEED HTTPS?
    Data sent over regular http connections are sent in plain text and could in theory be read by anyone who intercepts the connection. With an https connection, the data is securely encrypted, meaning that even if someone intercepted it, they wouldn't be able to read it.
    Starting in January 2017, Google's Chrome browser will begin to mark non-https pages as 'Insecure'. This warning may put off visitors to your site. Other browsers are expected to follow suit in due course.
    More details on this can be found HERE
    Additionally, Google is now using https as a ranking signal, meaning not having https could harm your site's ranking in Google. More details on this HERE.

    Rest of the FAQ, with links and instructions can be found here:
    https://www.vbulletin.com/forum/arti...forum-to-https
    ----------
    Jim Feeley
    POV Media
    Reply With Quote
     

  4. Collapse Details
    #4
    Admin Jason Ramsey's Avatar
    Join Date
    Aug 2006
    Location
    Colorado
    Posts
    13,249
    Default
    agreed.

    Accept No Imitations.
    www.dvxuser.com | www.reduser.net | www.scarletuser.com | www.dvxfest.com
    and...
    www.BMCuser.com - The Online Community for Blackmagic Camera users.
    Filmmaking Communities powered by Landmine Media, Inc.
    Reply With Quote
     

  5. Collapse Details
    #5
    Senior Member TubEfingers's Avatar
    Join Date
    Oct 2006
    Location
    London
    Posts
    532
    Default
    "Meatbot" never heard that term before
    EVA1, AF101, AC161, GH4
    Reply With Quote
     

  6. Collapse Details
    #6
    Senior Member
    Join Date
    Sep 2006
    Location
    Vancouver, BC
    Posts
    1,241
    Default
    Agreed.
    Reply With Quote
     

  7. Collapse Details
    #7
    Senior Member
    Join Date
    Mar 2010
    Location
    Central NC, USA
    Posts
    1,506
    Default
    Quote Originally Posted by Paul Folger View Post
    I haven't used this site in awhile and was surprised to find that it isn't using SSL encryption. Presently this is only an http website which is more open to hacking. Any chance this will change soon?

    Thanks
    Yep, I'll add another voice asking for encryption. All web traffic should be encrypted.
    Reply With Quote
     

  8. Collapse Details
    #8
    Senior Member jamedia.uk's Avatar
    Join Date
    Nov 2012
    Location
    Birmingham UK
    Posts
    577
    Default
    Quote Originally Posted by Bruce Watson View Post
    Yep, I'll add another voice asking for encryption. All web traffic should be encrypted.
    Why?

    It is not as though SSL is that secure anyway.
    Reply With Quote
     

  9. Collapse Details
    #9
    Senior Member
    Join Date
    Dec 2005
    Location
    Northern California
    Posts
    835
    Default
    Quote Originally Posted by TubEfingers View Post
    "Meatbot" never heard that term before
    Thanks. I made that up as I wrote. Just seemed more fun that writing "script kiddie" or "bored hacker" or something. Probably others have used the term to mean who knows what.
    Last edited by Jim Feeley; 11-16-2017 at 11:40 AM.
    ----------
    Jim Feeley
    POV Media
    Reply With Quote
     

  10. Collapse Details
    #10
    Default
    HTTPS is less useful here because all it does is scramble the data transmission between you and the site. For example, you click a page, and the HTML coming from the site to you would be scrambled. Or you submit a post, and the text of your post is scrambled, so that an eavesdropper couldn't read your post.

    But since www.dvxuser.com shows everything even to unsigned-in guests, what's the benefit? Your posts are signed and dated with your username, for all the world to see.

    HTTPS doesn't protect a site from being broken into or hacked or whatever else scary stuff you can think of.

    There would be one benefit though: when you sign in. Your password should be scrambled in transmission. DVXUser actually does this but with JavaScript instead of HTTPS, and with an older cipher, so it's not the safest thing in the world, and if you use the same password for DVXUser as you do with your bank, I would change your bank's password now.

    The site owner should look into Let's Encrypt. It's free and easy (easy for a webmaster, not mere mortals).
    Reply With Quote
     

Page 1 of 3 123 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •