Old School Airsmith
HTTPS on AO
@admins
Any option of securing AO with https? As it stands, it's dangerously vulnerable to man in the middle attacks. There's enough security (email verification for any changes) that I'm not worried about my account being taken over, but I have had to make a habit of only using temporary passwords and avoiding PMing any personal details.
I'm sure if there's a paid/supporter option, the community would offset the cost. I'd certainly donate to help.
Inline Mechs
DittoOriginally Posted by Xyxyll
>>WTB<< Sydarm w/ constant air__WarpedMephisto half-c/f body__Ac!d c/f trigger__TASO humpback frame__an Oh-Mag
Registered User
Agreed that AO contains some personal details which should benefit from encryption, but Let’s Encrypt is free. I’m happy to help getting https configured here if help is needed.
aka- The Day Wang
I believe we have the SSL certificate installed. Will look into the settings this weekend.
aka- The Day Wang
The certificate is out of date, so even if I told the forum to run secure, it would throw an error.
I have an email out to the hosting company, so hopefully this week it'll be resolved. I'll also set a calendar reminder for the certificate expiration date to make sure it's taken care of in a more timely fashion in the future.
Old School Airsmith
Great news. Thank you!
Registered User
This is interesting reading. I'm an Android developer and learning about webpages.
aka- The Day Wang
So the certificate is now on auto-update. There are some hard coded items in the templates (so far as we can tell) that are not using HTTPS. Requires some template editing.
Once we tackle that, we'll see what else is showing as not secure. It's going to be a bit of a process - one thing at a time.
So right now, LOTS of the site is secured via HTTPS, but it's not showing due to the template issues.
Posting Permissions
Reply With Quote