This site needs SSL encryption - https

**Paul Folger** · 11-13-2017 11:30 AM

I haven't used this site in awhile and was surprised to find that it isn't using SSL encryption. Presently this is only an http website which is more open to hacking. Any chance this will change soon?

Thanks

**jamedia.uk** · 11-13-2017 03:23 PM

there is no need to use SSL on a site like this. What, in an open forum like this, do you need to encrypt?
Why is DVX likely to be a target?

**Jim Feeley** · 11-13-2017 04:11 PM

Every site can be a target. Bots and meatbots hunt for insecure sites for fun and profit.

Here's what the makers of vBulletin (on which this fine forum runs) have to say (at least as of last update in May 2017):

CONVERTING YOUR FORUM TO HTTPS

This FAQ explains how to convert your vBulletin forum to use secure https (SSL) rather than http, and why you might need to.

[snip]

WHY DO I NEED HTTPS?
Data sent over regular http connections are sent in plain text and could in theory be read by anyone who intercepts the connection. With an https connection, the data is securely encrypted, meaning that even if someone intercepted it, they wouldn't be able to read it.
Starting in January 2017, Google's Chrome browser will begin to mark non-https pages as 'Insecure'. This warning may put off visitors to your site. Other browsers are expected to follow suit in due course.
More details on this can be found HERE
Additionally, Google is now using https as a ranking signal, meaning not having https could harm your site's ranking in Google. More details on this HERE.

Rest of the FAQ, with links and instructions can be found here:
https://www.vbulletin.com/forum/arti...forum-to-https

**Jason Ramsey** · 11-16-2017 06:22 AM

agreed.

**TubEfingers** · 11-16-2017 11:16 AM

"Meatbot"

never heard that term before

**Andrew Stone** · 11-16-2017 11:33 AM

Agreed.

**Bruce Watson** · 11-16-2017 11:41 AM

Originally Posted by Paul Folger

I haven't used this site in awhile and was surprised to find that it isn't using SSL encryption. Presently this is only an http website which is more open to hacking. Any chance this will change soon?

Thanks

Yep, I'll add another voice asking for encryption. All web traffic should be encrypted.

**jamedia.uk** · 11-16-2017 11:48 AM

Originally Posted by Bruce Watson

Yep, I'll add another voice asking for encryption. All web traffic should be encrypted.

Why?

It is not as though SSL is that secure anyway.

**Jim Feeley** · 11-16-2017 11:51 AM

Originally Posted by TubEfingers

"Meatbot"

never heard that term before

Thanks. I made that up as I wrote. Just seemed more fun that writing "script kiddie" or "bored hacker" or something. Probably others have used the term to mean who knows what.

**combatentropy** · 11-16-2017 12:14 PM

HTTPS is less useful here because all it does is scramble the data transmission between you and the site. For example, you click a page, and the HTML coming from the site to you would be scrambled. Or you submit a post, and the text of your post is scrambled, so that an eavesdropper couldn't read your post.

But since www.dvxuser.com shows everything even to unsigned-in guests, what's the benefit? Your posts are signed and dated with your username, for all the world to see.

HTTPS doesn't protect a site from being broken into or hacked or whatever else scary stuff you can think of.

There would be one benefit though: when you sign in. Your password should be scrambled in transmission. DVXUser actually does this but with JavaScript instead of HTTPS, and with an older cipher, so it's not the safest thing in the world, and if you use the same password for DVXUser as you do with your bank, I would change your bank's password now.

The site owner should look into Let's Encrypt. It's free and easy (easy for a webmaster, not mere mortals).

Thread: This site needs SSL encryption - https

Thread Tools

Search Thread

Display

Tags for this Thread

Posting Permissions