Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Ssl

  1. #1
    Senior Member setho's Avatar
    Join Date
    Dec 2012
    Location
    New York
    Posts
    676

    Ssl

    Any chance of having an SSL certificate installed?
    Seth O.

    ESR #2474
    1966 911 - '77 2.7L Hot Rod
    1967 Pontiac Bonneville - '70 455
    2000 996

    WANTED: 1966 Transaxle 229835-902/1

  2. #2
    Out of curiosity, why? Not that it's any of my business.

  3. #3
    Senior Member uptheorg's Avatar
    Join Date
    Apr 2012
    Location
    Scarsdale, New York
    Posts
    702
    @LiveFromNY Of course it is your business -- the way I understand it, the certificate will further protect you from hackers when browsing these forums.
    Jim

    __________________________________________________ ___________
    Early S Registry #2359

    1970 Porsche 911 Rally 2.4
    2018 Porsche Macan GTS

  4. #4
    Senior Member setho's Avatar
    Join Date
    Dec 2012
    Location
    New York
    Posts
    676
    Mainly because you have to log into this forum. Which means passwords are passed cleartext across the web.
    Seth O.

    ESR #2474
    1966 911 - '77 2.7L Hot Rod
    1967 Pontiac Bonneville - '70 455
    2000 996

    WANTED: 1966 Transaxle 229835-902/1

  5. #5
    Yes, but it's a cost/benefit in a situation like this. You'll notice that lots of forums decide the cost is not worth the benefit in their situation. Pelican, 356 reg, etc are running http. Rennlist and Samba have gone https and at least one regrets that decision. My guess is, as a smaller group, and with the limited technical resources that seem to be available (let alone the limited technical knowledge on display) we'd find ourselves in the non-https group give any objective analysis (at least for now).

  6. #6
    Senior Member setho's Avatar
    Join Date
    Dec 2012
    Location
    New York
    Posts
    676
    SSL certificates are very cheap these days. And modern browsers are now displaying "Not Secure".

    I'd love to know why Rennlist or the Samba had a problem going HTTPS.... My guess is it broke something on the back end.... Because for basic browsing of a site, it's really an easy thing.
    Seth O.

    ESR #2474
    1966 911 - '77 2.7L Hot Rod
    1967 Pontiac Bonneville - '70 455
    2000 996

    WANTED: 1966 Transaxle 229835-902/1

  7. #7
    Fun fact... the latest data suggests the "not secure" display that Chrome implemented in July is affecting less than one half of one percent of users. It's a rounding error.

    The cost of the certificate is irrelevant. The cost/risk is in a proper and comprehensive installation which amateurs THINK is easy and professionals KNOW is actually deceptively easy. A key difference.

    The site that regrets it's move to https lost more than 50% of their traffic because their technologist didn't understand the importance of having a proper and well-planned redirect strategy from http to https pages. Only one of the things he missed. Not their fault. I've seen smarter people make dumber mistakes.
    Last edited by LiveFromNY; 11-14-2018 at 06:12 PM.

  8. #8
    Are we boring people yet?

  9. #9
    Senior Member setho's Avatar
    Join Date
    Dec 2012
    Location
    New York
    Posts
    676
    Quote Originally Posted by LiveFromNY View Post
    The site that regrets it's move to https lost more than 50% of their traffic because their technologist didn't understand the importance of having a proper and well-planned redirect strategy from http to https pages. Only one of the things he missed. Not their fault. I've seen smarter people make dumber mistakes.

    That's just stupid.

    Security is part of my job.... Passing passwords in clear text is always a bad idea. People reuse passwords (also bad), but it's a reality. By staying non-SSL, we're just aiding scammers.
    Seth O.

    ESR #2474
    1966 911 - '77 2.7L Hot Rod
    1967 Pontiac Bonneville - '70 455
    2000 996

    WANTED: 1966 Transaxle 229835-902/1

  10. #10
    Quote Originally Posted by setho View Post
    That's just stupid.

    Security is part of my job.... Passing passwords in clear text is always a bad idea. People reuse passwords (also bad), but it's a reality. By staying non-SSL, we're just aiding scammers.
    Hardly stupid if you're the one responsible for keeping the organization alive.

    As a tech CEO, Internet security is ALL of my job and I'd argue that it's a small problem on a site that doesn't store personal or financial information. We're a very low-value target.

    If there's extra $$ in the tech budget, I'd suggest a mobile plug-in. Half the world's Internet traffic is mobile and the site's almost unusable on my iPhone.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Message Board Disclaimer and Terms of Use
This is a public forum. Messages posted here can be viewed by the public. The Early 911S Registry is not responsible for messages posted in its online forums, and any message will express the views of the author and not the Early 911S Registry. Use of online forums shall constitute the agreement of the user not to post anything of religious or political content, false and defamatory, inaccurate, abusive, vulgar, hateful, harassing, obscene, profane, sexually oriented, threatening, invasive of a person's privacy, or otherwise to violate the law and the further agreement of the user to be solely responsible for and hold the Early 911S Registry harmless in the event of any claim based on their message. Any viewer who finds a message objectionable should contact us immediately by email. The Early 911S Registry has the ability to remove objectionable messages and we will make every effort to do so, within a reasonable time frame, if we determine that removal is necessary.