+- MacResource (https://forums.macresource.com)
+-- Forum: My Category (https://forums.macresource.com/forumdisplay.php?fid=1)
+--- Forum: Tips and Deals (https://forums.macresource.com/forumdisplay.php?fid=3)
+--- Thread: Here's one that I've wondered about for a long time... (/showthread.php?tid=220075)
Pages:
1
2
Here's one that I've wondered about for a long time... - GeneL - 08-30-2018
... If https is more secure why hasn't the forum been using it?
Re: Here's one that I've wondered about for a long time... - wave rider - 08-30-2018
^^^^ We be dangerous characters on the MRF. We don't need no stinking s…
Re: Here's one that I've wondered about for a long time... - Ombligo - 08-30-2018
Because we are fairly insecure...
WELCOME BACK GENE!!
Re: Here's one that I've wondered about for a long time... - Speedy - 08-30-2018
Hey, GeneL!!
Re: Here's one that I've wondered about for a long time... - TheTominator - 08-30-2018
HTTPS costs more money to implement and maintain.
HTTPS is more technically difficult to implement and doesn't easily allow for more flexible hosting and website file configurations.
HTTPS uses more CPU on both ends (client and server).
HTTPS continually requires "new and improved" security systems that make older web browsers obsolete.
HTTPS makes sense for web communications like online purchases, online banking, and similar where it is just you and a single other party communicating. Everybody else is forbidden from eavesdropping.
But a public forum like this... what you post is for all to see. You don't even need an account to see everything in this forum. Does it matter if someone eavesdrops and reads your post while it is on the way to the forum server?
On a public forum the only advantage I can see of HTTPS is to prevent a man-in-the-middle attack where someone would intercept your post and prevent it from being posted or modify it to say something different. There may also be the possibility of intercepting your password and posting with your account. These situations can be handled by moderators and admins after the fact so it may be that the cost/benefit of HTTPS says we are fine with just plain old HTTP.
Re: Here's one that I've wondered about for a long time... - mrlynn - 08-30-2018
Howdy Gene! Where ya been?
EDIT: Clicking your handle, I see you have been posting now and then—sorta like me.
/Mr Lynn
Re: Here's one that I've wondered about for a long time... - Cary - 08-30-2018
Ombligo wrote:
Because we are fairly insecure...
FTW!
Re: Here's one that I've wondered about for a long time... - mattkime - 08-30-2018
Almost none of this is significant anymore.
https isn't available because this forum is a side project run by benevolent overlords.
IMO, supporting https would be top of my list for changes. It might be more work than I'm estimating but i know it _can_ be something provided by a service where you just flip a switch. might cost something though.
TheTominator wrote:
HTTPS costs more money to implement and maintain.
HTTPS is more technically difficult to implement and doesn't easily allow for more flexible hosting and website file configurations.
HTTPS uses more CPU on both ends (client and server).
HTTPS continually requires "new and improved" security systems that make older web browsers obsolete.
HTTPS makes sense for web communications like online purchases, online banking, and similar where it is just you and a single other party communicating. Everybody else is forbidden from eavesdropping.
But a public forum like this... what you post is for all to see. You don't even need an account to see everything in this forum. Does it matter if someone eavesdrops and reads your post while it is on the way to the forum server?
On a public forum the only advantage I can see of HTTPS is to prevent a man-in-the-middle attack where someone would intercept your post and prevent it from being posted or modify it to say something different. There may also be the possibility of intercepting your password and posting with your account. These situations can be handled by moderators and admins after the fact so it may be that the cost/benefit of HTTPS says we are fine with just plain old HTTP.
Re: Here's one that I've wondered about for a long time... - GeneL - 08-30-2018
Thank you "The Tominator!"
Your explanation was really great and I can see that it makes perfect sense, something that is pretty rare, nowadays.
Hi, to my friends who said hello!
Things have been going downhill for me. I've been exhausted and I don't know what to do.
They tell me that my dialysis results have been good, but it seems that every day I have less and less energy.
It's making me feel very depressed.
Re: Here's one that I've wondered about for a long time... - testcase - 08-30-2018
Glad you're back GeneL; you were missed! :hamsterdance: