Results 1 to 9 of 9

Thread: HTTPS on AO

  1. #1
    Join Date
    Apr 2003
    Location
    New York City
    Posts
    1,103

    Exclamation HTTPS on AO

    @admins

    Any option of securing AO with https? As it stands, it's dangerously vulnerable to man in the middle attacks. There's enough security (email verification for any changes) that I'm not worried about my account being taken over, but I have had to make a habit of only using temporary passwords and avoiding PMing any personal details.

    I'm sure if there's a paid/supporter option, the community would offset the cost. I'd certainly donate to help.

  2. #2
    Join Date
    Jan 2007
    Location
    PGH
    Posts
    596
    Quote Originally Posted by Xyxyll View Post
    I'm sure if there's a paid/supporter option, the community would offset the cost. I'd certainly donate to help.
    Ditto
    WTB I.T. body~Sydarm c/a~RPG Splinter trigger~RPG Sleeper rail~Carter 5-slot rail~reverse "X-Valve"~WWA angled foregrip

  3. #3
    Quote Originally Posted by Xyxyll View Post
    I'm sure if there's a paid/supporter option, the community would offset the cost. I'd certainly donate to help.
    Agreed that AO contains some personal details which should benefit from encryption, but Let’s Encrypt is free. I’m happy to help getting https configured here if help is needed.

  4. #4
    Join Date
    May 2001
    Location
    IN -- USA
    Posts
    9,627
    I believe we have the SSL certificate installed. Will look into the settings this weekend.

  5. #5
    Join Date
    May 2001
    Location
    IN -- USA
    Posts
    9,627
    The certificate is out of date, so even if I told the forum to run secure, it would throw an error.

    I have an email out to the hosting company, so hopefully this week it'll be resolved. I'll also set a calendar reminder for the certificate expiration date to make sure it's taken care of in a more timely fashion in the future.

  6. #6
    Join Date
    Apr 2003
    Location
    New York City
    Posts
    1,103
    Great news. Thank you!

  7. #7
    This is interesting reading. I'm an Android developer and learning about webpages.

  8. #8
    Join Date
    May 2001
    Location
    IN -- USA
    Posts
    9,627
    So the certificate is now on auto-update. There are some hard coded items in the templates (so far as we can tell) that are not using HTTPS. Requires some template editing.

    Once we tackle that, we'll see what else is showing as not secure. It's going to be a bit of a process - one thing at a time.

    So right now, LOTS of the site is secured via HTTPS, but it's not showing due to the template issues.

  9. #9
    Join Date
    Apr 2003
    Location
    New York City
    Posts
    1,103
    Quote Originally Posted by Dayspring View Post
    So the certificate is now on auto-update. There are some hard coded items in the templates (so far as we can tell) that are not using HTTPS. Requires some template editing.

    Once we tackle that, we'll see what else is showing as not secure. It's going to be a bit of a process - one thing at a time.

    So right now, LOTS of the site is secured via HTTPS, but it's not showing due to the template issues.
    Thank you for reacting so quickly and taking this so seriously! It's a much appreciated effort that I think will help keep AO relevant for years to come.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •