SSL Certificate
+ Reply to Thread
Page 1 of 2 1 2 LastLast
Posts 1 to 10 of 11

Thread: SSL Certificate

  1. #1

    Still gathering requirements...


    Join Date
    Oct 2013
    Posts
    98
    Thanks (Given)
    0
    Thanks (Received)
    8
    Likes (Given)
    2
    Likes (Received)
    20

    Default SSL Certificate

    Could CUK get one please?

  2. #2

    Richer than sasguru

    DimPrawn's Avatar
    Join Date
    Jul 2005
    Location
    Brexit Britain
    Posts
    32,717
    Thanks (Given)
    270
    Thanks (Received)
    735
    Likes (Given)
    4273
    Likes (Received)
    3582

    Default

    Quote Originally Posted by Scratch It View Post
    Could CUK get one please?
    Costs £10

    Not in Brexit Britain, we need it for soup kitchens.
    If you look really hard, really really hard, you will find Doom™ everywhere.

  3. #3
    eek
    eek is offline

    bored now

    eek's Avatar
    Join Date
    Jun 2010
    Location
    😂
    Posts
    22,377
    Thanks (Given)
    241
    Thanks (Received)
    1206
    Likes (Given)
    1040
    Likes (Received)
    3561

    Default

    It's free with automated renewals at https://letsencrypt.org

    However adding ssl would be pointless due to all the unencrypted photos already linked to on this site so it's a can't see the point from me
    Last edited by eek; 28th June 2017 at 08:42.
    merely at clientco for the entertainment

  4. #4

    TykeLike

    SimonMac's Avatar
    Join Date
    Aug 2010
    Location
    God's Own Republic Of Yorkshire
    Posts
    22,192
    Thanks (Given)
    226
    Thanks (Received)
    1130
    Likes (Given)
    808
    Likes (Received)
    2986

    Default

    Quote Originally Posted by eek View Post
    It's free with automated renewals at https://letsencrypt.org

    However adding ssl would be broken due to all the unencrypted photos already linked to on this site so it's a can't see the point from me
    Been using letsencrypt on http://camnomis.com/ for a while, seems to be god enough for most basic sites (ie nothing eComm) and most people expect to see a padlock etc. these days
    “Live a good life. If there are gods and they are just, then they will not care how devout you have been, but will welcome you based on the virtues you have lived by. If there are gods, but unjust, then you should not want to worship them. If there are no gods, then you will be gone, but will have lived a noble life that will live on in the memories of your loved ones.”

    ― Marcus Aurelius

  5. #5

    More time posting than coding

    Snarf's Avatar
    Join Date
    Mar 2015
    Location
    North West
    Posts
    248
    Thanks (Given)
    6
    Thanks (Received)
    8
    Likes (Given)
    113
    Likes (Received)
    32

    Default

    Im curious as to what benefit an SSL cert would bring to CUK?

    Yeah, ok the traffic to the site would be encrypted, but its a public forum, any traffic (except your password when you log in) will most likely end up on a public forum anyway...

  6. #6

    Super poster

    woohoo's Avatar
    Join Date
    Nov 2007
    Location
    Manchester
    Posts
    2,433
    Thanks (Given)
    139
    Thanks (Received)
    169
    Likes (Given)
    753
    Likes (Received)
    582

    Default

    Quote Originally Posted by Snarf View Post
    Im curious as to what benefit an SSL cert would bring to CUK?

    Yeah, ok the traffic to the site would be encrypted, but its a public forum, any traffic (except your password when you log in) will most likely end up on a public forum anyway...
    I guess the password is big un, would be fairly easy to monitor network traffic and get login details. Then anyone could login and post random crap, it's clear from General this happens frequently.

  7. #7

    More time posting than coding

    yetanotherbob's Avatar
    Join Date
    Sep 2010
    Posts
    220
    Thanks (Given)
    16
    Thanks (Received)
    5
    Likes (Given)
    81
    Likes (Received)
    25

    Default

    Quote Originally Posted by woohoo View Post
    I guess the password is big un, would be fairly easy to monitor network traffic and get login details. Then anyone could login and post random crap, it's clear from General this happens frequently.
    At least they are sending a hash of the password over the Internet between your browser and CUK.
    Not that it helps much against someone adequately motivated as it's a simple hash of the password, so someone could simply use that to perform a fake login (but at least they won't know your real password - e.g. if you use it on other sites).

    If CUK were to maybe add digest authentication, then at least the hash would be different for each login attempt.
    (still doesn't completely prevent a dedicated MITM to fool you into revealing your real password but would make it harder and more sophisticated)

    It might just be easier to add SSL though.

  8. #8

    Super poster

    woohoo's Avatar
    Join Date
    Nov 2007
    Location
    Manchester
    Posts
    2,433
    Thanks (Given)
    139
    Thanks (Received)
    169
    Likes (Given)
    753
    Likes (Received)
    582

    Default

    Quote Originally Posted by yetanotherbob View Post
    At least they are sending a hash of the password over the Internet between your browser and CUK.
    Not that it helps much against someone adequately motivated as it's a simple hash of the password, so someone could simply use that to perform a fake login (but at least they won't know your real password - e.g. if you use it on other sites).

    If CUK were to maybe add digest authentication, then at least the hash would be different for each login attempt.
    (still doesn't completely prevent a dedicated MITM to fool you into revealing your real password but would make it harder and more sophisticated)

    It might just be easier to add SSL though.
    It's incredibly easy to break the hash that CUK uses to find out the actual password. So if you do use it on other sites then don't.

    FYI just google break hash, one of the top ten will allow you to enter the hash and it will be converted to plain text. So you don't even need to be dedicated, just half interested.

    TBH it's not that big a deal for me, CUK doesn't hold my cc details. Though it does hold my email and I suppose you could use that along with the password on a number of popular websites. I'm lucky I don't think that combination would work on anything, only because it's using an old email address.
    Last edited by woohoo; 9th July 2017 at 17:47.

  9. #9

    More time posting than coding

    yetanotherbob's Avatar
    Join Date
    Sep 2010
    Posts
    220
    Thanks (Given)
    16
    Thanks (Received)
    5
    Likes (Given)
    81
    Likes (Received)
    25

    Default

    Quote Originally Posted by woohoo View Post
    It's incredibly easy to break the hash that CUK uses to find out the actual password. So if you do use it on other sites then don't.
    Good point: https://en.wikipedia.org/wiki/MD5#Security

  10. #10

    Some things in Moderation

    cojak's Avatar
    Join Date
    Jul 2005
    Location
    Look to your right...
    Posts
    17,942
    Thanks (Given)
    476
    Thanks (Received)
    1029
    Likes (Given)
    4158
    Likes (Received)
    2752

    Default

    You shouldn't be using the same password on sites you value as on CUK anyway.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Content Relevant URLs by vBSEO 3.6.0 ©2011, Crawlability, Inc.