1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Secure Certforums

Discussion in 'The Lounge - Off Topic' started by Mr.Cheeks, Apr 19, 2006.

  1. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    5,369
    85
    190
    How come CF is not secure when editing posts are entering login details???

    Shouldn't be that hard should it? Have some kind of initive if someone designs it? or am i talking an incredible amount of b0ll0ck$
     
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    6,199
    125
    199
    :blink :unsure :hhhmmm :blink
     
  3. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    5,369
    85
    190
  4. noelg24

    noelg24 Terabyte Poster

    3,334
    26
    139
    he what.....? :dry
     
    Certifications: A+
    WIP: my life
  5. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    5,369
    85
    190
    Are you guys struggling to understand what i am chatting about???
     
  6. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    810
    0
    39
    only thing i can think of is that you're wondering why https and certificates are not used. that it? :blink
     
  7. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    5,369
    85
    190
    Finally! :p
     
  8. noelg24

    noelg24 Terabyte Poster

    3,334
    26
    139
    ummm nope am still lost...
     
    Certifications: A+
    WIP: my life
  9. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    5,369
    85
    190
    ......
     
  10. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    810
    0
    39
    well, this is really something that only SimonV or jakamoko can answer. my guess is that it is too expensive to buy a certificate, and/or that it is too cumbersome to build in such security methods only for specific areas, and/or that vbulletin (cms engine on which cf is running) maybe doesn't support https, and/or they just didn't think it was necessary, and/or all of the above. 8)
     
    Last edited by a moderator: Jan 2, 2015
  11. Pete01

    Pete01 Kilobyte Poster

    492
    23
    42
    My first question is why would there be a need for such security on a message board forum such as this?

    It's not a paid member site that warrants that kind of security.

    I don't know the exact pricing elements of secure certificates and such but I don't think it's cheap.

    That reminds me my 'go green' cheque needs writing...
     
    Certifications: MCP (NT4) CCNA
    WIP: 70-669, Learning MSI packaging
  12. noelg24

    noelg24 Terabyte Poster

    3,334
    26
    139
    very well put with the and/ors mate...hehe nice...
     
    Certifications: A+
    WIP: my life
  13. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    Pete (edit: and d-Faktor) sum this up perfectly - we at CF offer a free public forum for you all to share opinions on IT training. It ain't internet banking, we don't do e-commerce, any info you volunteer is at your own risk anyway (and we don't ask for anything confidential), so why would we need to pay (the not significant amount) for a secure certificate ?

    HTH answer the question :)
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  14. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    5,369
    85
    190
    I never knew you had to pay for a certificate... would you have to pay for one if you were wanting to make a FTP site secure aswell? or can that not be done?
     
  15. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    As far as I know you have to pay for any certificate from a well-trusted source.

    You could source your own certificate - but what would be the point - someone would come along and query it!

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  16. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    5,369
    85
    190
    but could you make a secure site without a certificate? ...how many people check the certification of a site if they are not putting in payment details...
    one of my email accounts, i know its secure but dont bother checking the certification, cuz its only email...
     
  17. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224

    Define what you mean by 'secure'. Most people don't check the cert, but most sites use well-known cert providers.

    Occasionaly you will get a warning (if your browser is set correctly) that it doesn't recognize the cert. What do you do? Click 'Go ahead' and forget about it? That's what many do!

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  18. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    5,369
    85
    190
    ok, here my understanding, but i thinks its wrong now, but what can you do.

    I thought about Harrys question using my little pea-sized brain and not Goooooooooogle...
    I thought/thinks that when you enter a secure site, you will have https, and a padlock. type whatever, view whatever, do whatever...

    whilst within the secure area, no one can view what your doing, this is done by Secure Socket Layer encryption 128bit?.

    with regards to certification, a company like VeriSign? verifies that this is a secure site (i just realised this, obviously you will have to pay for the privileage), and the company will send what ever info to your computer saying this site is secure using whatever encryption and is valid till 03/07.

    and thats it.

    Now whilst typing this post i realised that although this is a free to use forum, (however, there are kind people who have donated), there is no need to have additional costs to the maintainance of the site (payment to Veri-Sign for certification),

    however,

    can this site or any site (inc FTP) be made secure whilst not having a certification for any vendor...

    Quoted from Harry;
    Exactly! Unless its internet banking or making online transactions like knocking your cred card details, who bothers checking???

    so again i'll ask the question, cuz this is a learning curve to me and i'll just chat away...

    Can this site or any site (inc FTP) be made secure whilst not having a certification for any vendor??...

    I think: Yes it can - certification is only there for verification...
    but can FTP sites be secure? i think: Dunno
     
  19. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    Yes - you can run ftp over ssh, or use SSH FTP (sometimes called SFTP) or run scp.

    As long as it is setup correctly it is very secure.

    EDIT: 'Secure' means different things to different people, hence my earlier question. To some the use of authentication such as username and password is meant, to others the use of SSL and https is meant, which is more about encryption.

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  20. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    a word of warning
    any site requiring username and passwords should have an option for SSL

    you have to bear in mind that most users duplicate user name and passwords across the board, and its just good practice to secure the transaction of that information
    it also helps to keep CF itself secure

    just my 2c on the matter


    free certs can be obtained from cacert.org
    how well it ties into VB is beyond me though :)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0

Share This Page

Loading...