https on the forums

[togg]

As the title says, any chance to have https here? I'm not sure how hard it would be to deploy but since the websites relies heavely on scripts it would be best.

[Timber Wolf]

15 minutes ago, togg said:

As the title says, any chance to have https here? I'm not sure how hard it would be to deploy but since the websites relies heavely on scripts it would be best.

What does HTTPs have to do with running scripts?  Maybe I'm missing something, but HTTPs has only to do with security (by purchasing an SSL certificate and applying it to the site).  The only other advantage I know of for using HTTPs, is that Google searches give more weight to secured sites.

[togg]

1 hour ago, Timber Wolf said:

What does HTTPs have to do with running scripts?  Maybe I'm missing something, but HTTPs has only to do with security (by purchasing an SSL certificate and applying it to the site).  The only other advantage I know of for using HTTPs, is that Google searches give more weight to secured sites.

Scripts are the insecure part of the websites, ence the connection. It's not only about the secrecy of data transmitted but about a malicious use of javascript by a third party.

And they don't have to buy a certificate, it's free: https://letsencrypt.org/

deployment cost something.

[Timber Wolf]

1 minute ago, togg said:

Scripts are the insecure part of the websites, ence the connection. It's not only about the secrecy of data transmitted but about a malicious use of javascript by a third party.

I see what you mean.  And these days, you can never be too careful!

[AZHockeyNut]

+1 to this. There is little reason anymore to NOT run httpS by default with anything on the web. Especially if it asks for login info or anything personally identifiable. Even if they are logging debug info on the server. Logging the IP of the visitor, for example, can be considered such info and also, in some places, can be considered a liability if you are breeched.