|
|
Forums:
Rockclimbing.com:
Security & Scams:
Https now supported, I suggest using when you log into RC from public wifi:
Edit Log
|
|
Jeff
Owner
Dec 4, 2013, 2:21 AM
Views: 12490
|
Hey all,
https is now supported sitewide--to use it, just add a 's' to any RC url: https://www.rockclimbing.com
I suggest you use it whenever logging into RC from public wifi. Cell phones or your home/trusted internet doesn't matter much.
When you do this, you will probably see mixed-content warnings saying that some of the page content is insecure. That's because the ads aren't served over https. Afraid that's not something I can fix anytime soon, although thankfully it's also not a bid deal from a security perspective unless someone is really out to hack you.
Background:
When you access websites using http (sans the 's') your traffic to/from the website is sent in plaintext. That means anyone who is on the same wifi network can see which pages you're browsing on RC (not a big deal) plus any info you send the site, such as your password (very much a big deal).
When you add the 's' to the https, it encrypts the traffic to/from the website so only your computer and the website understands what you're doing, and anyone listening in on the wifi only sees garbled text.
In other words, http = firesheep fodder, https = no firesheep worries.
I stuck this message in General to make sure it gets seen by the site regulars, after a bit I'll move it to the Announcements/Site updates forum.
If you hit any problems with it, PM me the URL, the warning message if there is one, or a screenshot of the error.
Cheers,
Jeff
"Wearing my tinfoil hat this week"
(This post was edited by Jeff on Dec 4, 2013, 4:34 AM)
|
|
|
Edit Log:
|
|
Post edited by Jeff
(Owner) on Dec 4, 2013, 2:22 AM
|
|
Post edited by Jeff
(Owner) on Dec 4, 2013, 2:25 AM
|
|
Post edited by Jeff
(Owner) on Dec 4, 2013, 2:26 AM
|
|
Post edited by Jeff
(Owner) on Dec 4, 2013, 2:26 AM
|
|
Post edited by Jeff
(Owner) on Dec 4, 2013, 4:34 AM
|
|
|
|
|
|
