• Sign up or login, and you'll have full access to opportunities of forum.

October 16, 2019 - Visions of Darkness is no longer open to new registrations and will close on May 26, 2020. If you're a current member, you'll find

  • Thread starter Deleted member 16320
  • Start date
Go to CruxDreams.com

malins

Stumbling Seeker
Yes, you can use the certificate for free for a year. But then you have to pay.
We're probably talking about two different things as I mean the service offered by Let's Encrypt which issues 90-day certificates that auto-renew with certbot. And of course, one has to ask where the money is coming from, Let's Encrypt is transparent on this, https://letsencrypt.org/sponsors/ but of course, there is over a timeline of decades the risk they might collapse. In the long run we're all dead. Without being anything of a webhoster I've been able to install and use this since 2017 and it's remained free, but obviously not applicable here, so I'll shut up about it.
 

fallenmystic

Governor
I came to notice this thread by this post, and I strongly agree with what malins said above. It's pretty much a concensus among IT engineers nowadays that you should secure you website with HTTPS, if it accepts sensitive information like login credentials from its users.

While it wouldn't magically protect the website from every hacking attempt, it at least does for more trivially easy but dangerous ones, like running a network sniffer on a public network so you can collect login data from anyone who connects to non-HTTPS websites from the same network.

As mentioned above, HTTPS used to cost money but not anymore nowadays. Also, it's a common practice to run a cron job (a scheduler of a kind) to automatically renew certificates from Let's Encrypt, so it wouldn't take much additional efforts from site admins once setup correctly.
 
Last edited:

Eulalia

Poet Laureate
Staff member
I came to notice this thread by this post, and I strongly agree with what malins said above. It's pretty much a concensus among IT engineers nowadays that you should secure you website with HTTPS, if it accepts sensitive information like login credentials from its users.

While it wouldn't magically protect the website from every hacking attempt, it at least does for more trivially easy but dangerous ones, like running a network sniffer on a public network so you can collect login data from anyone who connects to non-HTTPS websites from the same network.

As mentioned above, HTTPS used to cost money but not anymore nowadays. Also, it's a common practice to run a cron job (a scheduler of a kind) to automatically renew certificates from Let's Encrypt, so it wouldn't take much additional efforts from site admins once setup correctly.
This conversation seems to be going on in two different threads.
As I said in http://www.cruxforums.com/xf/threads/ralphuss-site-gimp-forum-hacked.7972/post-514187
it's not a matter over which we staff have any control, though we can draw the site-owner, Image Maker's, attention to the question. But he pays the bills and deals with the service provider, XenForo, and any such change would be for him and them to agree on and implement.
 

fallenmystic

Governor
This conversation seems to be going on in two different threads.
As I said in http://www.cruxforums.com/xf/threads/ralphuss-site-gimp-forum-hacked.7972/post-514187
it's not a matter over which we staff have any control, though we can draw the site-owner, Image Maker's, attention to the question. But he pays the bills and deals with the service provider, XenForo, and any such change would be for him and them to agree on and implement.
I noticed the thread later but I'll just use the linked thread for continuing the discussion about the matter in future.

And I think I understand the difficulties our moderators must have, not having a direct control over such a matter. As such, I don't intend to blame or pressure anyone but I'd like to see the issue to be presented to the person who actually has a control like you mentioned.
 
Top Bottom