New SSL "Secure Server"
Posted: Sat May 21, 2011 5:25 pm
The transition of 70thExplorers.com to the new web server is complete. With this, come some new feature options. The first one I'd like to implement is SSL encryption, also known as a "secure server". In fact, it's already working. If you type in https instead of http, you will get the encrypted connection (You can see an example here: https://70thexplorers.com/ ). For the time being, though, it's not truly secure, since some of the links still point back to unencrypted pages.
You might wonder why in the world we need encryption. The answer: password security. How many of you log into the forums while using hotel internet... or an open WiFi connection at Panera, Starbucks, or McDonalds? If you do, then anyone with the proper tools can see your password as you submit it. And while a hacked forum account might not be the end of the world, how many of you use the same password for your email? ...for Amazon? ...for your bank?
So we're trying to shore up our own defenses. For the next couple of weeks, we'll be doing some testing. If all goes well, I'd like the forums to be switched to mandatory SSL. Nothing new is required from the users. Aside from having to save your passwords in your browser again, it shouldn't be noticeable.
If you have concerns, questions, or objections, please voice them here over the next few days.
Thanks!
You might wonder why in the world we need encryption. The answer: password security. How many of you log into the forums while using hotel internet... or an open WiFi connection at Panera, Starbucks, or McDonalds? If you do, then anyone with the proper tools can see your password as you submit it. And while a hacked forum account might not be the end of the world, how many of you use the same password for your email? ...for Amazon? ...for your bank?
So we're trying to shore up our own defenses. For the next couple of weeks, we'll be doing some testing. If all goes well, I'd like the forums to be switched to mandatory SSL. Nothing new is required from the users. Aside from having to save your passwords in your browser again, it shouldn't be noticeable.
If you have concerns, questions, or objections, please voice them here over the next few days.
Thanks!