Upgrade to https?

[quackerz]

Hello,

I noticed that this website is using http, which means all forms, username/password are sent in cleartext to the server. A hacker can sniff the traffic and obtain the username and password quite easily.

An SSL certificate (https) is easy to obtain and it encrypts all traffic so sniffing isn't possible. Let's Encrypt is a non-profit certificate authority that's popular among server admins and provides free certificate. Popular linux distros such as debian and centos even have built-in python scripts (certbot) to automate the process, which only takes seconds.

I host my own websites so I'm kinda experienced with these stuff. I'm happy to help with the process.

 

[wrench13]

I think the host for our forum might have to agree to it. We dont 'own' Parrotforums. The admin folks will know for sure. Good ifea though, my companyis all https. Good suggestion.,lets see what they say.

 

[Scott]

Not feasible at the moment. Link to prior discussion, last post is explanation from our Administrator: http://www.parrotforums.com/technical-support/74446-website-not-secure-warning-when-logging.html

 

[quackerz]

Not feasible at the moment. Link to prior discussion, last post is explanation from our Administrator: http://www.parrotforums.com/technical-support/74446-website-not-secure-warning-when-logging.html

Have they considered a reverse proxy like nginx or apache? The SSL is handled at the reverse proxy layer and VB3 would still receive unencrypted data from the localhost reverse proxy server. Theoretically it doesn't need to change a lot at all.

 

[Scott]

I don't have the background to intelligently discuss server systems or software. The Admin's most recent post from the link serves as guidance until amended.