No https on the forum ?

You want to speak about the site or downright to participate in its realization? All the ideas and the notices are welcome …

Re: No https on the forum ?

Postby PinkVendeta » Mon, 18Jun04 10:40

shark wrote:I read several pages (in French, easier for me) about the configuration of a phpbb forum in https. Many who have tried had problems. I am very hesitant...

I understand, it can be scary because an average coder can really screw up the forum trying to force https://, but a good coder can do it easily, by a good coder this means someone You have to pay money to do it, but stick to the EU or USA when hiring someone.

See the site below for more information on having https:// on a phpbb forum as asked by a person in the UAE and see who replied offering their services.
https://www.freelancer.ie/projects/php/enable-force-https-phpbb-forum/

Coders with clear experience:

https://www.freelancer.ie/u/PerfectTopStar

https://www.freelancer.ie/u/AppSquads

https://www.freelancer.ie/u/codemaster7
I Am Not speaking From Experience - I Just Have A Vivid Imagination

Hannah
User avatar
PinkVendeta
legend of the South Seas
 
Posts: 612
Joined: Fri, 16May20 19:42
sex: Female

Re: No https on the forum ?

Postby Greyelf » Mon, 18Jun04 23:37

PinkVendeta wrote:...their respective passwords will then be encrypted.

Just for clarity sake, the passwords themselves are not encrypted.

It is the connection between the user's web-browser and the web-server that is encrypted, thus causing all requests (like login, page accesses, comment postings, etc...) sent via the HTTPS protocol to that web-server to be sent via that encrypted connection.
Greyelf
star of the reef
 
Posts: 366
Joined: Thu, 14Jun12 03:20
sex: Masculine

Re: No https on the forum ?

Postby PinkVendeta » Tue, 18Jun05 01:43

Greyelf wrote:Just for clarity sake, the passwords themselves are not encrypted.

It is the connection between the user's web-browser and the web-server that is encrypted, thus causing all requests (like login, page accesses, comment postings, etc...) sent via the HTTPS protocol to that web-server to be sent via that encrypted connection.


Here is how SSL or TLS more so in reality actually works.

SSL is the name that is most often used to refer to this protocol, but SSL specifically refers to the proprietary protocol designed by Netscape in the mid 90's.
TLS is an IETF standard that is based on SSL, these days, the odds are that nearly all of your secure connections on the web are really using TLS, not SSL.

TLS has several capabilities:

1/Encrypt your application layer data. (In your case, the application layer protocol is HTTP.)
2/Authenticate the server to the client.
3/Authenticate the client to the server.
1 and 2 are very common. 3 is less common.

Authentication
A server authenticates itself to a client using a certificate.
A certificate is a blob of data that contains information about a website:

Domain name
Public key
The company that owns it
When it was issued
When it expires
Who issued it
Etc.

HTTPS is combination of HTTP and SSL(Secure Socket Layer) to provide encrypted communication between client (browser) and web server (application is hosted here).

HTTPS encrypts data that is transmitted from browser to server over the network, So, no one can sniff the data during transmission.

Right now when logging into the forum, nothing is secure at all, this includes both your login and password and the mere fact that the new firefox picks up on the fact that the forum right now is not secure, clearly that alone should prompt Shark to hire someone good, get https:// in place with SSL or TLS and not have to worry again like last time.

The fact that people want to help Shark by giving info is far more important Greyelf than You having another dig at me for a mistake I wrote while typing over 100 words per minute :lol:
I Am Not speaking From Experience - I Just Have A Vivid Imagination

Hannah
User avatar
PinkVendeta
legend of the South Seas
 
Posts: 612
Joined: Fri, 16May20 19:42
sex: Female

Re: No https on the forum ?

Postby Greyelf » Tue, 18Jun05 10:01

PinkVendeta wrote:The fact that people want to help Shark by giving info is far more important Greyelf than You having another dig at me...

I wasn't having a dig at you, I was just trying to make sure that Shark (or anyone else) understood exactly what is being encrypted when using HTTPS.

Because I has seen a number of inexperienced developers mistakenly think that the data (like a 'password') being sent in the Request is what is encrypted, and then later saving that data (eg. passwords) on the web-server without encrypting it because they assumed that it already was.
Greyelf
star of the reef
 
Posts: 366
Joined: Thu, 14Jun12 03:20
sex: Masculine

Re: No https on the forum ?

Postby PinkVendeta » Sun, 18Jun10 23:13

Greyelf wrote:
PinkVendeta wrote:The fact that people want to help Shark by giving info is far more important Greyelf than You having another dig at me...

I wasn't having a dig at you, I was just trying to make sure that Shark (or anyone else) understood exactly what is being encrypted when using HTTPS.

Because I has seen a number of inexperienced developers mistakenly think that the data (like a 'password') being sent in the Request is what is encrypted, and then later saving that data (eg. passwords) on the web-server without encrypting it because they assumed that it already was.

No worries, PMT moment :lol:

Shark, you can hire someone with a set skill set, wont cost an arm and a leg either, and they will be able to easily put HTTPS in place on both the forum and the front page and on the various links on the front page also.

Good Skill Set in PHP:

PHP site fixing and customization
Experience with PHP & MySQL
Experience with HTML5 + CSS
Experience with different CMS & Software: phpBB
I Am Not speaking From Experience - I Just Have A Vivid Imagination

Hannah
User avatar
PinkVendeta
legend of the South Seas
 
Posts: 612
Joined: Fri, 16May20 19:42
sex: Female

Previous

Return to Shark's website

Who is online

Users browsing this forum: Google [Bot] and 2 guests

eXTReMe Tracker