We hope you enjoy your visit.

You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free.


Join our community!


If you're already a member please log in to your account to access all of our features:

Username:   Password:
Add Reply
  • Pages:
  • 1
HTTPS/SSL Support; Offer SSL Support
Topic Started: Jan 15 2016, 07:51 PM (2,566 Views)
hack13
Member Avatar
Member
[ * ]
I was wondering if you have considered allowing https/ssl support especially since LetsEncrypt project is now out and working making boards Https/SSL even if it is just on the login section.
Offline Profile Quote Post Goto Top
 
SlyCooperFan1
Member Avatar
Coder
[ *  *  *  * ]
Let's Encrypt is more complicated than you may think, as is suddenly enabling HTTPS support everywhere on ZB. Custom domains is the biggest issue, since SSL requires domain verification and ZetaBoards wouldn't be able to automatically provide that for all custom domains added to each forum.

That being said, efforts towards automatic HTTPS on all default ZetaBoards URLs, if possible, would be really great to see.
Offline Profile Quote Post Goto Top
 
VSW
Member
[ *  * ]
I was wondering switching my forum to https is it totally optional ?
Because some browsers & devices including me cannot access 90% of https sites.

Meaning me & other members of my forum will be completely locked out.
Offline Profile Quote Post Goto Top
 
Etrix1
Member Avatar
Member
[ * ]
I really don't think BBS's needs SSL because if a hacker hacks a bbs the only thing he/she would find is emails and not a credit card. But that's just me.
Offline Profile Quote Post Goto Top
 
VSW
Member
[ *  * ]
Etrix1
Jan 27 2017, 04:55 AM
I really don't think BBS's needs SSL because if a hacker hacks a bbs the only thing he/she would find is emails and not a credit card. But that's just me.
Well there's nothing wrong with having extra security options........BUT if that extra security causes issues or lack of access for certain browser types of members then I think it should be completely optional.

Cause not everyone uses the same browser, not every browser nor every device access the same forum the same way as well as the next device or browser.
Edited by VSW, Jan 27 2017, 12:34 PM.
Offline Profile Quote Post Goto Top
 
Joe
Member Avatar


Since this topic was started over a year ago, I think it's worth bringing this discussion up to speed with where we are at.

SSL is on Brandon's priority list and its implementation will likely coincide with our final solution for CloudFlare, both of which are in progress.
Offline Profile Quote Post Goto Top
 
VSW
Member
[ *  * ]
Joe
Jan 27 2017, 05:35 PM
Since this topic was started over a year ago, I think it's worth bringing this discussion up to speed with where we are at.

SSL is on Brandon's priority list and its implementation will likely coincide with our final solution for CloudFlare, both of which are in progress.
Would it be optional, would have the option to our forums to https or leave as http if those of us didn't want to switch ?

Or once it's done then all forums change to https ?
Offline Profile Quote Post Goto Top
 
Joe
Member Avatar


I'm sure that will be clarified later on. There are a number of approaches to HTTPS that Brandon is considering at this point.

HTTPS/SSL support does help boost Google search page rank, so that would certainly be a positive benefit for ZB/zIF communities.
Offline Profile Quote Post Goto Top
 
VSW
Member
[ *  * ]
Joe
Jan 28 2017, 01:42 AM
I'm sure that will be clarified later on. There are a number of approaches to HTTPS that Brandon is considering at this point.

HTTPS/SSL support does help boost Google search page rank, so that would certainly be a positive benefit for ZB/zIF communities.
Yes that's understandable & great but even if there's the chance it causes access issues to some users wouldn't it be more beneficial as having a switch to https an option & left that decision up to the administrators of their forums.


Why risk alienating even a small group by not having it as an option if or whenever it's ready because when certain sites like facebook, google, etc etc went https there were lots of users with trouble accessing anything https.



I'm asking because i'm worried, I just joined a forum (non-ZB/zIF) a few weeks ago & they have https as an option & unfortunately a few administrators of forums selected that choice, now me & others with lots of complaints have been locked out of those https forums as if permanently banned.

It's crazy because you haven't been kicked out just someone has changed the locks on the door & everything you've worked hard putting together is stuck inside.

I'm not asking ZB/zIF don't apply https security just because of me or whatever, i'm asking for it as an option not mandatory so there's nobody regardless of browser type getting automatically locked out because of that extra security which would possibly deny them entry their forums.



Edited by VSW, Jan 28 2017, 10:50 AM.
Offline Profile Quote Post Goto Top
 
Gaomon274
Member Avatar
Member
[ *  *  *  * ]
I'm someone who uses an older browser on one of my machines so I can understand that concern.


What if each page defaulted in HTTP and had a link you could click on to choose and load the page with HTTPS in mind or just have it that we can manually add/remove the "S" if we wanted HTTP vs HTTPS for those that might have issues loading HTTPS pages?
Offline Profile Quote Post Goto Top
 
Nicolas
Member Avatar
"PLES RING IF AN RNSER IS REQIRD."

Like it or not, the Internet is moving to HTTPS Mozilla has announced its plans to deprecate non-secure HTTP, apps on iOS devices need to connect to websites using HTTPS (if users want an iOS app or just Tapatalk, then this matters). This trend will continue, and ZetaBoards will have to move with it at some point.
If you can't access HTTPS sites, you have a larger problem on your hands (certain sites need to be secure - like web banking), and if you have a browser or device which cannot handle HTTPS it is really quite old, given HTTPS was created for Netscape in '94, and we've only gotten more modern since then.
Offline Profile Quote Post Goto Top
 
VSW
Member
[ *  * ]
Gaomon274
Jan 28 2017, 03:09 PM
I'm someone who uses an older browser on one of my machines so I can understand that concern.


What if each page defaulted in HTTP and had a link you could click on to choose and load the page with HTTPS in mind or just have it that we can manually add/remove the "S" if we wanted HTTP vs HTTPS for those that might have issues loading HTTPS pages?

I'm glad you can understand.
And as long as it gives users a choice that would be great.

"Nicolas"
 
Like it or not, the Internet is moving to HTTPS Mozilla has announced its plans to deprecate non-secure HTTP, apps on iOS devices need to connect to websites using HTTPS (if users want an iOS app or just Tapatalk, then this matters). This trend will continue, and ZetaBoards will have to move with it at some point.
If you can't access HTTPS sites, you have a larger problem on your hands (certain sites need to be secure - like web banking), and if you have a browser or device which cannot handle HTTPS it is really quite old, given HTTPS was created for Netscape in '94, and we've only gotten more modern since then.

I understand that but this isn't banking & nor is every device made by apple.

I get users want security i'm not denying that or wanting to keep them from it but what happen to no boundaries or limitations for those that want to use it.
Does that only apply to those willing or able to keep up with current technological trends.

Of course Apple is pushing something & claiming it's mandatory, they're the same company that drop features from their products & tell consumers they're the ones who don't want it anymore.

Yes ZB/zIF will have to move with it at some point but i'm only asking/hoping for an option a guarantee that all who wants to & has been using ZB/zIF communities to continue doing so.

Other forum communities added https as an option, a choice for users, i'm hoping ZB/zIF does the same & not become a service where finding answers is always easy and free but only if you aren't inferior.







Edited by VSW, Jan 28 2017, 05:20 PM.
Offline Profile Quote Post Goto Top
 
SlyCooperFan1
Member Avatar
Coder
[ *  *  *  * ]
Security is not optional. Not in our world, not in the environment on the internet. If you can't access HTTPS websites, you need to address that, because at some point down the road, the entire internet will be HTTPS. The lack of HTTPS on ZetaBoards is yet another symptom of the well-documented lack of any upgrades, but if ZB will continue to exist, Brandon will have to implement HTTPS at some point. "Optional" isn't an option.
Offline Profile Quote Post Goto Top
 
Stephen
Member Avatar
Twilight is upon me, and soon night must fall.

Brandon has quietly been working on https for several months. There are several hurdles that had to be overcome-particularly for older boards with older javascript, css, etc.

While https is more secure, it's not necessarily correct for every site. A one size fits all approach doesn't always work. As is the case of forcing https on sites like this one. So yes, this is something we've been aware of and it is something that will be addressed. But, much like other issues, forcing this on us comes at the cost of other features that have been on the list for some time. And thanks to Mozilla, it forces https to the top of the list.
Offline Profile Quote Post Goto Top
 
taespr
Member Avatar
Member
[ * ]
Thanks for information.
Offline Profile Quote Post Goto Top
 
1 user reading this topic (1 Guest and 0 Anonymous)
Go to Next Page
« Previous Topic · Service Discussion and Feedback · Next Topic »
Add Reply
  • Pages:
  • 1