Secure Certforums

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

How come CF is not secure when editing posts are entering login details???

Shouldn't be that hard should it? Have some kind of initive if someone designs it? or am i talking an incredible amount of b0ll0ck$

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

:hhhmmm

 

he what.....?

 

Are you guys struggling to understand what i am chatting about???

 

only thing i can think of is that you're wondering why https and certificates are not used. that it?

 

Finally!

 

ummm nope am still lost...

 

......

 

well, this is really something that only SimonV or jakamoko can answer. my guess is that it is too expensive to buy a certificate, and/or that it is too cumbersome to build in such security methods only for specific areas, and/or that vbulletin (cms engine on which cf is running) maybe doesn't support https, and/or they just didn't think it was necessary, and/or all of the above.

 

My first question is why would there be a need for such security on a message board forum such as this?

It's not a paid member site that warrants that kind of security.

I don't know the exact pricing elements of secure certificates and such but I don't think it's cheap.

That reminds me my 'go green' cheque needs writing...

 

very well put with the and/ors mate...hehe nice...

 

Pete (edit: and d-Faktor) sum this up perfectly - we at CF offer a free public forum for you all to share opinions on IT training. It ain't internet banking, we don't do e-commerce, any info you volunteer is at your own risk anyway (and we don't ask for anything confidential), so why would we need to pay (the not significant amount) for a secure certificate ?

HTH answer the question

 

I never knew you had to pay for a certificate... would you have to pay for one if you were wanting to make a FTP site secure aswell? or can that not be done?

 

As far as I know you have to pay for any certificate from a well-trusted source.

You could source your own certificate - but what would be the point - someone would come along and query it!

Harry.

 

but could you make a secure site without a certificate? ...how many people check the certification of a site if they are not putting in payment details...
one of my email accounts, i know its secure but dont bother checking the certification, cuz its only email...

 

Define what you mean by 'secure'. Most people don't check the cert, but most sites use well-known cert providers.

Occasionaly you will get a warning (if your browser is set correctly) that it doesn't recognize the cert. What do you do? Click 'Go ahead' and forget about it? That's what many do!

Harry.

 

ok, here my understanding, but i thinks its wrong now, but what can you do.

I thought about Harrys question using my little pea-sized brain and not Goooooooooogle...

I thought/thinks that when you enter a secure site, you will have https, and a padlock. type whatever, view whatever, do whatever...

whilst within the secure area, no one can view what your doing, this is done by Secure Socket Layer encryption 128bit?.

with regards to certification, a company like VeriSign? verifies that this is a secure site (i just realised this, obviously you will have to pay for the privileage), and the company will send what ever info to your computer saying this site is secure using whatever encryption and is valid till 03/07.

and thats it.

Now whilst typing this post i realised that although this is a free to use forum, (however, there are kind people who have donated), there is no need to have additional costs to the maintainance of the site (payment to Veri-Sign for certification),

however,

can this site or any site (inc FTP) be made secure whilst not having a certification for any vendor...

Quoted from Harry;

Exactly! Unless its internet banking or making online transactions like knocking your cred card details, who bothers checking???

so again i'll ask the question, cuz this is a learning curve to me and i'll just chat away...

Can this site or any site (inc FTP) be made secure whilst not having a certification for any vendor??...

I think: Yes it can - certification is only there for verification...
but can FTP sites be secure? i think: Dunno

 

Yes - you can run ftp over ssh, or use SSH FTP (sometimes called SFTP) or run scp.

As long as it is setup correctly it is very secure.

EDIT: 'Secure' means different things to different people, hence my earlier question. To some the use of authentication such as username and password is meant, to others the use of SSL and https is meant, which is more about encryption.

Harry.

 

a word of warning
any site requiring username and passwords should have an option for SSL

you have to bear in mind that most users duplicate user name and passwords across the board, and its just good practice to secure the transaction of that information
it also helps to keep CF itself secure

just my 2c on the matter


free certs can be obtained from cacert.org
how well it ties into VB is beyond me though