What's new

Is this forum really sending my password over http?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Shame on you. :)
 
You guys think that supporting HTTPS is as simple as flicking a switch on? Trust me, it isn't. And it's usually not free either.

A lot of the forums that I visit are http-only. You make it sound as if SNB was in the minority there - it isn't. So no need to get snarky about it, quite honestly.
 
Things have gotten easier and cheaper though. Certificates are $6 and cloudflare has ssl in their free plan now afaik.
 
Simpler for sure, but on my NAS, a certificate is $12/yr. No new domain registration needed.
Forcing port 80 to shove the users to HTTPS/SSL is a check-box.
A hosting service must have cheap/easy ways to do this for all their eCommerce customers.

But truly, I don't see the need for HTTPS on this kind of forum. Nothing to protect that I know of.
 
Honestly, I was surprised there was no SSL.

Not a big deal though. Forum accounts are literally the lowest priority of any credentials I catalogue.



I assumed HTTPS was much more CPU intensive, but apparently when Google defaulted Gmail to HTTPS they recorded little to no change in system load. https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
 
Honestly, I was surprised there was no SSL.

Not a big deal though. Forum accounts are literally the lowest priority of any credentials I catalogue.



I assumed HTTPS was much more CPU intensive, but apparently when Google defaulted Gmail to HTTPS they recorded little to no change in system load. https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html

Pretty sure Google isn't using mere i7 or entry-level Xeon however. :) Also, quite a few load balancer will also support SSL offloading, to improve performance. The addition of AES instructions to the Intel instruction set probably helped quite a bit as well.

With modern processors, httpd is more IO-bound than a CPU power issue, so I can understand that SSL does not make a big impact. And if Google uses gzip/mod_deflate, then their image-light web designs mean that very little data needs to be encrypted. An image-intensive website would be another story.
 
Similar threads
Thread starter Title Forum Replies Date
OzarkEdge Ads on top of forum content... Suggestion Box 35

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top