This has been put up to the PS+ crew to look at, they've been doing some catchup post Gencon but it's on the docket soon as they get a clear spot on the plate to look at it.
—
I fix broken things. If you need something fixed, mention it on the suggestions board. I also sometimes speak as website administrator and/ moderator.
Old post, but still a great idea in 2017 or '18, '19, etc.
There's a service/thing here that can allow you to set up SSL for free --
"Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG)."
I've heard tell of many-many sites running a BBCode forum getting hacked into oblivion-- and this site doesn't even run encryption on the password reset/creation page. For all I know, I may have just created my account on a forked copy of the site...
Newer versions of Chrome/Firefox are showing a red "Not secure" warning next to the site's URL.
I also receive a warning popup when putting in my password (which is transmitted in clear text). Saying anything I put in may be compromised. It is a scary warning for non technical users, and is just as big of an issue for those of us who do know what it means.
Plus, there's the part where Google outright states they de-rank sites which don't support encryption.
I would be happy to help set up security via a free LetsEncrypt Certificate if that is what it takes to solve this problem.
PS: We're rapidly moving to a world where unencrypted pages get the same sort of treatment as those with invalid encryption. We're a few years off, but don't be surprised if users start seeing scary alert boxes about hackers stealing their passwords in the next year or so.
At this point I'm pretty sure the entire site will have to be compromised and deleted before they'll make any backend changes. Five years without answer says "not priority."
This has been put up to the PS+ crew to look at, they've been doing some catchup post Gencon but it's on the docket soon as they get a clear spot on the plate to look at it.
I fix broken things. If you need something fixed, mention it on the suggestions board.
I also sometimes speak as website administrator and/ moderator.
Old post, but still a great idea in 2017 or '18, '19, etc.
There's a service/thing here that can allow you to set up SSL for free --
"Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG)."
https://letsencrypt.org/about/
------
I've heard tell of many-many sites running a BBCode forum getting hacked into oblivion-- and this site doesn't even run encryption on the password reset/creation page. For all I know, I may have just created my account on a forked copy of the site...
--
Furry cows moo and decompress.
Can we please get HTTPS? I'm getting sick of Firefox bitching at me every time I try to login.
Skype and AIM names: Exactly the same as my forum name.
My EP Character Questionnaire
Thread for my Questionnaire
The Five Orange Pips
I would like improved security as well.
Hello,
Newer versions of Chrome/Firefox are showing a red "Not secure" warning next to the site's URL.
I also receive a warning popup when putting in my password (which is transmitted in clear text). Saying anything I put in may be compromised. It is a scary warning for non technical users, and is just as big of an issue for those of us who do know what it means.
Plus, there's the part where Google outright states they de-rank sites which don't support encryption.
I would be happy to help set up security via a free LetsEncrypt Certificate if that is what it takes to solve this problem.
PS: We're rapidly moving to a world where unencrypted pages get the same sort of treatment as those with invalid encryption. We're a few years off, but don't be surprised if users start seeing scary alert boxes about hackers stealing their passwords in the next year or so.
At this point I'm pretty sure the entire site will have to be compromised and deleted before they'll make any backend changes. Five years without answer says "not priority."
Done now that we've had a chance to work on it. Closing thread.
I fix broken things. If you need something fixed, mention it on the suggestions board.
I also sometimes speak as website administrator and/ moderator.