Jump to content
Arnie

HTTPS is going to come in as default

Recommended Posts

It appears that Apple and Google are pushing https as the default service for logins for services. As a result a lot of forums and websites are going to have to update. (source: https://blog.tapatalk.com/2017-the-year-of-https/ )

 

I've generated us a certificate and installed it, I've enabled SSL and it should work for everything. Please give it a go and let me know, you can find things at https://arniesairsoft.co.uk/forums .  Once it's been tested for a bit I'll move it to be the default for us all and enable it for Tapatalk as well.

  • Like 5

Share this post


Link to post
Share on other sites

The driving force for HTTPS is privacy, so when members of Arnies are discussing wotz am bested pew pew stick, the privacy and integrity of such data exchanges are protected.....in theory.

  • Like 2

Share this post


Link to post
Share on other sites

What does this mean for the non tech savvy troglodytes amongst us?

 

HTTPS is essentially a cool piece of tech which allows for better overall security by encrypting the connection between you and the website host. An "SSL Certificate" is assigned to the website by a certification authority (like google) which essentially says "If you can access this website over https, you know it's the correct website" - because without that certificate there's no quick proof it's them. Without a certificate, I could redirect you to a page I built to look like the one you meant to access. That's bad because you might share sensitive info trying to login etc.

 

The certificate holds a "public key" which matches up against the "private key" the CA holds; this allows the CA to verify the site.

 

Standard ISP logs don't catch the specific pages you're trying to access i.e. https://alexsporndungeon.com/bin/etc/goatporn/reallynastygoatporn.mp4 but instead just https://alexsporndungeon.com which in hindsight gives the game away anyway.

 

It's good stuff all round!

Edited by DrAlexanderTobacco

Share this post


Link to post
Share on other sites

In simpler (ish) terms https means login credentials (username and password) should be encrypted when sent by you to the website. Where with an http website they are passed in plain text and can be easily intercepted / stolen.

Share this post


Link to post
Share on other sites

×

Important Information

By using this site, you agree to our Terms of Use and the use of session cookies.