• There has been a recent cluster of spammers accessing BARFer accounts and posting spam. To safeguard your account, please consider changing your password. It would be even better to take the additional step of enabling 2 Factor Authentication (2FA) on your BARF account. Read more here.

Why isn't BARF using https?

ScottRNelson

ScottRNelson

Adventure and Dual Sport
Joined
Aug 3, 2002
Location
Meridian, ID
Moto(s)
Honda XR650L, KTM 790 Adv R
I'm having to rebuild a computer system basically from scratch and the browser mentioned that when I was accessing BARF, it wasn't secure. Normally the browser just remembers the login from last time, but this was the first time for this particular system and I had to go deep into my memory to remember the password. Anyway, so I stuck https:// in front of the web site address and it wouldn't go through.

So I have to ask why the BARF web site isn't using the secure protocol, especially for passwords. It shouldn't be that hard to convert over, should it?
 
historically, it's been expensive to get an ssl certificate.

https://letsencrypt.org/ however is free and easy to set up so that it automatically renews. I use it now for everything. BARF tech people should set it up. Its not complicated. An hours work, tops.
 
You can get a commercial certificate from namecheap.com for like $9/year.
 
https important if transmitting credit cards or other sensitive info.
 
yeah I wonder why it matters for a public forum?

(oh, but yeah maybe for the mod and other underground private forums...)
 
looks like an artificial requirement, just because Google and a few others say so?

It's like mandating AM radio be encrypted, to me... of course I know nothing...
 
If SEO is a goal, "Google say so" is pretty much everything.
 
it's widely becoming the standard to encrypt everything, rather than not. That's why there are efforts like letsencrypt to handle doing free certificates easily.

when you are logging into a site like BARF you are submitting your username/password in clear text across the internet. If you are like most people, you use the same password across multiple services. If you use your computer in public wifi or other insecure network, and use BARF, then your exposing that password to anyone who runs a sniffer on the network.

It used to be that the cost to encrypt everything was too high. Both the certificate cost, and the CPU cost of doing the encryption was enough to stop a lot of sites bothering, except for when they considered it "important" like credit cards.

But if anything has shown us in the industry is that there's no such thing as unimportant communications. It's all important to someone, and doing it in the clear is just not a good idea in the long run.

When it's so easy to encrypt, you might was well do it.

And yes, browser manufacturers will be increasing the pressure to encrypt everything, for those reasons.
 
^^^ Well said. :thumbup
 
matjam said:
historically, it's been expensive to get an ssl certificate.

https://letsencrypt.org/ however is free and easy to set up so that it automatically renews. I use it now for everything. BARF tech people should set it up. Its not complicated. An hours work, tops.
Click to expand...

+1 on Let's Encrypt, easy to set up and free.
 
You must log in or register to reply here.
Back
Top