|
View previous topic ::
View next topic
|
| Would you prefer secure SST content through HTTPS/SSL over the current insecure one? |
| Yes, security is always important |
|
65% |
[ 17 ] |
| Yes, sounds useful |
|
30% |
[ 8 ] |
| No, I prefer insecure communication |
|
3% |
[ 1 ] |
|
| Total Votes : 26 |
|
| Author |
Message |
 Atanamo
Cadet 1
Joined: Nov 06, 2006
Member#: 16053
Posts: 3
    
|
 Posted:
Wed May 19, 2021 7:18 am Post subject: Securing the website with HTTPS/SSL |
 
|
The last few years clearly show an increasing focus of browsers and other platforms on security by HTTPS (SSL/TLS).
At the same time, technical barriers for supporting SSL/TLS came down, thanks to LetsEncrypt, for example.
The insecure HTTP protocol will probably become obsolete in the long term. HTTP websites are already disadvantaged, for example by Google search.
And there are numerous technical limitation in mixing HTTPS content with HTTP.
For example, this means that the SST radio stream cannot be embedded in an HTTPS page.
So SST is hindering its own accessibility on the web so far.
Thus, I definitely suggest HTTPS/SSL support - for website and radio stream. 
The time for this is overdue.  |
|
 |
 Dragonel 
Vice Admiral (Moderator)
Joined: Jul 16, 2008
Member#: 21881
Posts: 411
Location: Dragonia, US
|
|
Posted:
Wed May 19, 2021 10:48 am Post subject: |
|
There are a lot of other website changes / requests that haven't happened over the years due to everyone involved having real lives, and other reasons most old-timers know well.
In that context, my thought is that the second option really means "Yes, but not more important than other updates we need or want" and I have chosen it in that spirit.
_________________
If you can't stand the heat, don't tease a dragon |
|
|
|
 MojoPin
Vice Admiral (Moderator)
Joined: Jan 16, 2004
Member#: 4569
Posts: 712
Location: Texas
|
|
Posted:
Wed May 19, 2021 3:56 pm Post subject: |
|
Every time I'm here, my browser reminds me that the site hasn't been updated to HTTPS with this warning message attached to the login box:
"This connection is not secure. Logins here could be compromised."
SST is the only place I visit regularly which still triggers this "hey it's outdated" alert from my browser.
I concur that we're in serious need of some updates/upgrades, but those are dependent on Jeric or Admin having time to do big overhauls, and as Dragon already pointed out, real world is time-consuming.
So, I voted 'yes' under the second option, for same reasons. |
|
|
|
 607
Lieutenant
Joined: Sep 19, 2018
Member#: 46975
Posts: 222
Location: Amersfoort
|
|
Posted:
Thu May 20, 2021 3:02 am Post subject: |
|
Yes, I think it's important. I personally don't think the protection itself is too important, but many browsers and indeed Google too do hold websites that do not offer it in bad regard. As such, it is important to attract and keep new users to have https enabled.
Should it be troublesome? I'm no expert, but I enabled SSL protection for my own websites in less than an hour, if I recall correctly. Maybe things are more complicated for SST? Or has nobody with access to the hosting simply taken the time to look into it? Is that just JERIC, by the way?
Thanks for raising the issue, Atanamo.  |
|
|
|
Atanamo
Cadet 1
Joined: Nov 06, 2006
Member#: 16053
Posts: 3
|
|
Posted:
Thu May 20, 2021 6:43 am Post subject: |
|
Well, since I'm also a server admin, I know that it's really not that complex.
(Although I don't know much about streams.)
And of course it depends on how well maintained the servers are. If the versions are not up to date, there are usually other tasks that eat up a lot more time.
If necessary, I can also offer my help.
I would have fun to contribute here. |
|
|
|
Finnster
Lieutenant Junior Grade
Joined: Oct 12, 2010
Member#: 29607
Posts: 52
Location: Atlanta
|
|
Posted:
Thu May 20, 2021 7:51 am Post subject: |
|
Having the site secure would allow for more interaction I would think.
_________________
http://www.rhythmhealer.com |
|
|
|
607
Lieutenant
Joined: Sep 19, 2018
Member#: 46975
Posts: 222
Location: Amersfoort
|
|
Posted:
Sat Jun 12, 2021 6:25 am Post subject: |
|
Is there someone we should contact about this? Maybe someone could talk to JERIC about it? |
|
|
|
 molossus
Admiral (Administrator)
Joined: Aug 09, 2005
Member#: 11167
Posts: 3311
Location: Warsaw & once in a blue moon Szczecin (Poland)
|
|
Posted:
Sat Jun 12, 2021 4:45 pm Post subject: |
|
JERIC knows about the idea brought up in this topic.
_________________
<i>"The piano keys are black and white,
But they sound like a million colors in your mind"</i>
(from "Spider's Web" by <a href="http://katiemelua.com/music/#KatieMelua">Katie Melua</a>)
Avatar is from work of art by Drew Struzan |
|
|
|
607
Lieutenant
Joined: Sep 19, 2018
Member#: 46975
Posts: 222
Location: Amersfoort
|
|
Posted:
Sun Jun 13, 2021 4:04 am Post subject: |
|
| molossus wrote: |
| JERIC knows about the idea brought up in this topic. |
Good, thanks! |
|
|
|
607
Lieutenant
Joined: Sep 19, 2018
Member#: 46975
Posts: 222
Location: Amersfoort
|
|
Posted:
Fri Sep 03, 2021 7:57 am Post subject: |
|
I think someone should try for 3 hours to get this set up. If it can't be done within that time, apparently it requires more thought and effort. But maybe it can, and then it would be well worth the time, I think. |
|
|
|
jeniferajee
Cadet 1
Joined: Oct 11, 2021
Member#: 50814
Posts: 1
|
|
Posted:
Mon Oct 11, 2021 1:03 am Post subject: |
|
SSL stands for Secure Sockets Layer and is the protocol that keeps your browser session secure. Having an SSL certificate is what adds the “S” to “HTTP.” SSL certificates are what make your browser session secure. We know that “privacy” and “security” are the hottest buzzwords around the IoT these days, but this is no mere trend—SSL is something you should absolutely have. In fact, Google has increasingly demanded SSL certificates since about 2016
Edited to remove spam link. -Morg |
|
|
|
607
Lieutenant
Joined: Sep 19, 2018
Member#: 46975
Posts: 222
Location: Amersfoort
|
|
Posted:
Tue Feb 22, 2022 10:23 am Post subject: |
|
| jeniferajee wrote: |
SSL stands for Secure Sockets Layer and is the protocol that keeps your browser session secure. Having an SSL certificate is what adds the “S” to “HTTP.” SSL certificates are what make your browser session secure. We know that “privacy” and “security” are the hottest buzzwords around the IoT these days, but this is no mere trend—SSL is something you should absolutely have. In fact, Google has increasingly demanded SSL certificates since about 2016
Edited to remove spam link. -Morg |
Even the spambots know it... I wonder what the link was for, though? You can get an SSL certificate for free, through https://letsencrypt.org/. |
|
|
|
delusion_
Cadet 1
Joined: May 07, 2002
Member#: 85
Posts: 3
Location: San Diego, CA
|
|
Posted:
Tue Dec 13, 2022 2:54 pm Post subject: |
|
This should probably be a priority for SST - most browsers are defaulting now to HTTPS-only mode - and will warn/prevent connecting to HTTP sites.
SST could use a service like CloudFlare to easily get a free SSL cert/proxy traffic. |
|
|
|
philk
Ensign
Joined: May 01, 2004
Member#: 6489
Posts: 43
|
|
Posted:
Tue Apr 25, 2023 6:38 am Post subject: |
|
I agree it should be upgraded. The would also allow me to remove the excemptions from my iOS app for non-secure http traffic. |
|
|
|
philk
Ensign
Joined: May 01, 2004
Member#: 6489
Posts: 43
|
|
Posted:
Fri Feb 09, 2024 10:39 am Post subject: |
|
Any work being done here? |
|
|
|
|
|
