Let's Encrypt It’s free, automated, and open, Certificate Authority
We can use it to have https in celestia site.
sorry for posting here, I don't found a more suitable place.
(suggestion) Encryption with Let's Encrypt
(suggestion) Encryption with Let's Encrypt
Last edited by carlos on 24.08.2016, 00:43, edited 1 time in total.
and not spam, even'm serious, let's encrypt the, it is an initiative that includes mozilla can confirm
Added after 2 minutes 54 seconds:
https://en.wikipedia.org/wiki/Let's_Encrypt
https://letsencrypt.org/sponsors/
just I put the suggestion here because I thought the adm might like to have https
noting that yes, it's free
Added after 4 minutes 48 seconds:
an article
http://www.cnet.com/news/privacy-push-means-free-encryption-for-websites/
some sites that use
https://puri.sm/
https://librecmc.org/librecmc/home
https://trac.torproject.org/projects/tor
It is I will not gain anything by it, just one more site to navigate with encryption
(if you find it strange the way I speak, and because I am not a native speaking)
Added after 2 minutes 54 seconds:
https://en.wikipedia.org/wiki/Let's_Encrypt
https://letsencrypt.org/sponsors/
just I put the suggestion here because I thought the adm might like to have https
noting that yes, it's free
Added after 4 minutes 48 seconds:
an article
http://www.cnet.com/news/privacy-push-means-free-encryption-for-websites/
some sites that use
https://puri.sm/
https://librecmc.org/librecmc/home
https://trac.torproject.org/projects/tor
It is I will not gain anything by it, just one more site to navigate with encryption
(if you find it strange the way I speak, and because I am not a native speaking)
- John Van Vliet
- Posts: 2944
- Joined: 28.08.2002
- With us: 22 years 3 months
well a rewrite of the forum code would first need to be done to use https
then after that a cert can be used
but relying on cert authorities is and NEVER !!!!! was a good idea
it is in fact a VERY BAD idea when first implemented and still is
even though "Richard Stallman" is a bit of a nut case i AGREE with him on this
CA's and TC is really "treacherous computing"
then after that a cert can be used
but relying on cert authorities is and NEVER !!!!! was a good idea
it is in fact a VERY BAD idea when first implemented and still is
even though "Richard Stallman" is a bit of a nut case i AGREE with him on this
CA's and TC is really "treacherous computing"
- Alexell
- Site Admin
- Posts: 303
- Joined: 07.10.2010
- Age: 30
- With us: 14 years 2 months
- Location: Moscow, Russia
- Contact:
If you want, I can do so that website and forum work via HTTPS through letsencrypt.org certificate or hosting provider certificate.
But the question is: why it is needed? We do not share any confidential or payment data that needs to be protected. In addition, the screenshots on the forum people stick with third-party sites and HTTPS protocol will consider this threat and block them.
But the question is: why it is needed? We do not share any confidential or payment data that needs to be protected. In addition, the screenshots on the forum people stick with third-party sites and HTTPS protocol will consider this threat and block them.
Admin of celestia.space
PC: Intel Core i7-8700 @ 3.20GHz, SSD, 16 Gb RAM, NVIDIA GeForce GTX 1080, Creative Sound Blaster ZxR. Windows 10 x64.
Phone: iPhone Xs 256 Gb. iOS 14.
PC: Intel Core i7-8700 @ 3.20GHz, SSD, 16 Gb RAM, NVIDIA GeForce GTX 1080, Creative Sound Blaster ZxR. Windows 10 x64.
Phone: iPhone Xs 256 Gb. iOS 14.
- omega13a
- Posts: 120
- Joined: 15.10.2011
- Age: 40
- With us: 13 years 2 months
- Location: California
- Contact:
Not to mention there's a lot of people who use the same exact log-in info for different places. However, given the amount of traffic (or rather lack of) here, I doubt anyone would try to steel usernames and passwords from here.selden wrote:Unfortunately there are some who enjoy the disruption they can cause by stealing others' accounts.
- Alexell
- Site Admin
- Posts: 303
- Joined: 07.10.2010
- Age: 30
- With us: 14 years 2 months
- Location: Moscow, Russia
- Contact:
selden, indeed when login, password are transmitted in POST request in plain text.
But it is possible to see only one who logged in. And for this you need a sniffer. Most importantly - passwords are not stored in plain text on the server.
- Spoiler
- ucp.php?mode=login
POST /forum/ucp.php?mode=login HTTP/1.1
Host: celestiaproject.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: ucp.php?mode=login
Cookie: *******************
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 151
username=Alexell&password=**********&autologin=on&redirect=.%2Fucp.php%3Fmode%3Dlogin&sid=c905146949ce0abbd86ee82fed616395&redirect=index.php&login=Login
HTTP/1.1 302 Found
...
But it is possible to see only one who logged in. And for this you need a sniffer. Most importantly - passwords are not stored in plain text on the server.
Admin of celestia.space
PC: Intel Core i7-8700 @ 3.20GHz, SSD, 16 Gb RAM, NVIDIA GeForce GTX 1080, Creative Sound Blaster ZxR. Windows 10 x64.
Phone: iPhone Xs 256 Gb. iOS 14.
PC: Intel Core i7-8700 @ 3.20GHz, SSD, 16 Gb RAM, NVIDIA GeForce GTX 1080, Creative Sound Blaster ZxR. Windows 10 x64.
Phone: iPhone Xs 256 Gb. iOS 14.