Hoosier Mountain Bike Association

Club News & Information (H.M.B.A.) => HMBA Website Suggestions, Comments, etc. => Topic started by: djkouza on November 16, 2014, 07:22:00 PM

Title: Website via SSL / HTTPS
Post by: djkouza on November 16, 2014, 07:22:00 PM
Not sure how I never noticed this, but the website is defaulted to http, and seems that trying https results in an error.  I'm at the airport currently, and will check again later. I'd be more than happy to help in getting the site setup with an SSL certificate.
Title: Re: Website via SSL / HTTPS
Post by: mtbikernate on November 18, 2014, 10:41:31 AM
Is that necessary for anything?


Will it cost anything?


It has not been on our priority list in the past - it's never been discussed as being important.
Title: Re: Website via SSL / HTTPS
Post by: Hocky on November 18, 2014, 11:11:58 AM
The only real benefit that it offers is to prevent plain text passing of passwords. The rest of the data being plain text is kind of irrelevant since it is being posted to a public forum, anyway.
Title: Re: Website via SSL / HTTPS
Post by: djkouza on November 18, 2014, 02:58:12 PM
The only real benefit that it offers is to prevent plain text passing of passwords. The rest of the data being plain text is kind of irrelevant since it is being posted to a public forum, anyway.
This, I think I only noticed it because I was logging in from the airport and always am extra sure that when on public WiFi I use SSL for EVERYTHING.  Basically you can get a cert for free (though some browsers may complain about it)  I think GoDaddy they are like $60/year or something.


 As Hocky said, the main concern is that when you login to the Forum your password is being transmitted as Plain text, so anyone who is on the same Network with you could fairly easily capture that network traffic and have you username and password.  While we may not care about someone getting our HMBA.org password, I would bet some coin that many people use the same password for other things too.


I think the biggest thing is just checking how difficult it is to setup SSL with the current webhost. 


Here is one site which I've used for Free Certs that is reputable. https://www.startssl.com/?app=1


In the end I'd say if it's not too hard to setup on the hosting provider side (typically it's a 5 minute setup if not less)  I'd say it's a good thing to have.
Title: Re: Website via SSL / HTTPS
Post by: mtbikernate on November 18, 2014, 06:15:32 PM
There is a board meeting tomorrow night. I will bring this topic up. I think our hosing service offers ssl but I will have to check pricing. That would probably be the easiest but I will explore the free options, too.

You are correct that it's a rare person who uses different passwords for every website.
Title: Re: Website via SSL / HTTPS
Post by: Dave Tozer on November 18, 2014, 08:07:51 PM
Might want to get a new "service".  ;)
Title: Re: Website via SSL / HTTPS
Post by: mtbikernate on November 19, 2014, 11:52:17 AM
Our hosTing provider doesn't offer SSL certificates.  It pretty much requires you to get one from a third party.  Since the startssl website provides Level 1 certificates for free, I went ahead and registered for one and should be able to install it either tonight or tomorrow.


Thanks for the suggestion.
Title: Re: Website via SSL / HTTPS
Post by: djkouza on November 19, 2014, 01:33:34 PM
 8)   Awesome.  Thanks!
Title: Re: Website via SSL / HTTPS
Post by: mtbikernate on November 19, 2014, 02:57:49 PM
Got the security certificate installed.  The verification went through sooner than I expected.


It's created some hiccups with content embedded elsewhere on the site, so I'm dealing with those.  I got the trail status indicators fixed and displaying on pages viewed with https protocol.  Right now I'm trying to get the trail guide content fixed.


Some of the content may wind up being not viewable if you're using a secure connection.  We'll have to see how that pans out.
Title: Re: Website via SSL / HTTPS
Post by: Steve King on November 19, 2014, 04:39:46 PM
Check it out (https).  We're now secure!  Nate rocks!
 
https://www.hmba.org/smf/index.php (https://www.hmba.org/smf/index.php)
Title: Re: Website via SSL / HTTPS
Post by: djkouza on November 19, 2014, 04:56:11 PM
Check it out (https).  We're now secure!  Nate rocks!
 
https://www.hmba.org/smf/index.php (https://www.hmba.org/smf/index.php)
Yeah!!  +100  very quick turn around to getting the SSL installed.  Thanks Nate!