Join the Season of the Stars Remix Event!
skip
Home » Forums » Features » SSL login

SSL login

m0°ntan
.
permalink   Tue, Mar 28, 2017 @ 4:31 AM
Sorry if this happens to be a redundant topic but I couldn’t find any forum search to verify no-one had asked this question before.

Have you considered implementing secure logins, using letsencrypt certificates for example? It helps lose the uncanny feeling one gets when logging on without https :-)
zczero
.
permalink   Fri, Oct 27, 2017 @ 2:37 AM
Yeah, it’s a good idea but the costs are unknown how much this will cost in both time and money. I’ll keep you posted if I find out more.
 
.
permalink   tempaccount Sat, Sep 15, 2018 @ 11:20 AM
Quote: zczeroYeah, it’s a good idea but the costs are unknown how much this will cost in both time and money. I’ll keep you posted if I find out more.

This is not about being a good idea.

if you value your users security you will implement this as soon as possible.

I personally will not login with my account until you sort it out.

It’s absolutely ridiculous that there is no SSL certificate on login. This means a plain text password is transmitted over the internet where people can intercept it and harvest passwords.

Are you aware how bad this is?

Lets encrypt costs you nothing.

At the very least. create a login page with SSL on it

as in:

you click ‘login’

it goes to a login page with SSL, and you log in

What language is your site written in?
 
.
permalink   Disaster of Music Fri, Jan 1, 2021 @ 4:09 PM
Quote: zczeroYeah, it’s a good idea but the costs are unknown how much this will cost in both time and money. I’ll keep you posted if I find out more.

That’s a very 1995 stance toward security. In fact there are several poor security practices on the site, like password limits. In 2021, you shouldn’t have any password restrictions on passwords except limiting the input to 100 or 200 characters and checking against compromised password lists.

If you have been breached would you even know? You’re just opening yourself up for a lawsuit.

Setting up TLS (https://) literally takes 10 minutes. Even if you’re proxing through a load balancer.
 
.
permalink   kenmunro Tue, Aug 9, 2022 @ 11:30 AM
Quote: zczeroYeah, it’s a good idea but the costs are unknown how much this will cost in both time and money. I’ll keep you posted if I find out more.

With Lets Encrypt, it’s free.
https://letsencrypt.org/
 
.
permalink   Snowflake Sat, Sep 10, 2022 @ 12:47 PM
Due to our database structure, we are unable to use Lets Encrypt, that and other solutions we’ve investigated in detail many times. we’re in the process of reconstructing things and when that is finished we will have SSL. thanks for your patience.