08-30-2018, 02:37 PM
Almost none of this is significant anymore.
https isn't available because this forum is a side project run by benevolent overlords.
IMO, supporting https would be top of my list for changes. It might be more work than I'm estimating but i know it _can_ be something provided by a service where you just flip a switch. might cost something though.
https isn't available because this forum is a side project run by benevolent overlords.
IMO, supporting https would be top of my list for changes. It might be more work than I'm estimating but i know it _can_ be something provided by a service where you just flip a switch. might cost something though.
TheTominator wrote:
HTTPS costs more money to implement and maintain.
HTTPS is more technically difficult to implement and doesn't easily allow for more flexible hosting and website file configurations.
HTTPS uses more CPU on both ends (client and server).
HTTPS continually requires "new and improved" security systems that make older web browsers obsolete.
HTTPS makes sense for web communications like online purchases, online banking, and similar where it is just you and a single other party communicating. Everybody else is forbidden from eavesdropping.
But a public forum like this... what you post is for all to see. You don't even need an account to see everything in this forum. Does it matter if someone eavesdrops and reads your post while it is on the way to the forum server?
On a public forum the only advantage I can see of HTTPS is to prevent a man-in-the-middle attack where someone would intercept your post and prevent it from being posted or modify it to say something different. There may also be the possibility of intercepting your password and posting with your account. These situations can be handled by moderators and admins after the fact so it may be that the cost/benefit of HTTPS says we are fine with just plain old HTTP.