Page 2 of 2

Re: SSL

Posted: Thu May 04, 2017 8:25 am
by Russell
Charles,

Consider adding your site into Cloudflare (Use the free account option) and you'll get SSL for free as well. This is what I use for texas3006.com. You'll also get the added benefit of spam bot and other web compromise filtering. It's a reverse proxy service, so you shouldn't have to make any changes on your host side.

Feel free to call me if you want to chat about it. I'm a pretty happy Cloudflare user.

Re: SSL

Posted: Thu May 04, 2017 10:44 pm
by warnmar10
Charles L. Cotton wrote:I'll check with our web host about an SSL.

Chas.
My web host offers free SSL and Cloudflare.

Re: SSL

Posted: Fri May 19, 2017 9:02 am
by Charles L. Cotton
The Forum now has an SSL. You need to reach the Forum using https://TexasCHLforum.com or https://www.TexasCHLforum.com to avoid the security warning you get by using www.TexasCHLforum.com.

Chas.

Re: SSL

Posted: Fri May 19, 2017 10:21 am
by JustSomeOldGuy
Charles L. Cotton wrote:The Forum now has an SSL. You need to reach the Forum using https://TexasCHLforum.com or https://www.TexasCHLforum.com to avoid the security warning you get by using http://www.TexasCHLforum.com.

Chas.
:thumbs2:

Re: SSL

Posted: Thu Jun 29, 2017 2:50 am
by tyree
Charles L. Cotton wrote:The Forum now has an SSL. You need to reach the Forum using https://TexasCHLforum.com or https://www.TexasCHLforum.com to avoid the security warning you get by using http://www.TexasCHLforum.com.

Chas.
Thanks Charles.

May I also recommend that you set the site up to auto redirect all http requests to https? This will make it very easy for all users of the site to gain the security benefits even if they forget to type the "https" or don't realize the dangers of using http in this context. With the auto-redirect, all users will be protected from password theft, non-authentic posts & edits, etc. and the forum will have a smaller surface area for security attacks. This approach is considered a standard in the IT industry and doesn't really have a downside for forum users or stakeholders.

Each platform has different ways of configuring auto-force ssl/[pre-paid legal]. I haven't worked with phpbb recently, but you might start looking at adding a couple of lines to the .htaccess file. (cf. https://www.phpbb.com/community/viewtop ... &t=1977025)

Re: SSL

Posted: Thu Jun 29, 2017 5:38 am
by The Annoyed Man
tbrown wrote:Thank you for the quick reply. I recently got the warning about username/password not being secure. I'll add an exception for the site.
koiseptember wrote:Thank you for the quick reply. I recently got the warning about username/password not being secure. I'll add an exception for the site.

goldenslot
gclub online
This is getting monotonous.....

Re: SSL

Posted: Thu Jun 29, 2017 8:15 am
by flechero
strogg wrote: Granted I'm good enough to use a unique super random password for this site, not everyone does.
So "TXCHL" isn't unique? OOOhh- I can switch it to something super secret with numbers in it like "45acprules" Uncrackable, right? :lol:

Just having fun! :tiphat:

Re: SSL

Posted: Thu Jun 29, 2017 7:35 pm
by JustSomeOldGuy
flechero wrote:
So "TXCHL" isn't unique? OOOhh- I can switch it to something super secret with numbers in it like "45acprules" Uncrackable, right? :lol:

Just having fun! :tiphat:
This one is entertaining, along those lines....
https://howsecureismypassword.net/