Pennsylvania Firearm Owners Association
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 28
  1. #11
    Join Date
    Dec 2012
    Location
    Langhorne, Pennsylvania
    (Bucks County)
    Posts
    328
    Rep Power
    5877350

    Default Re: Can we get some HTTPS up in here?

    I've been around long enough to recall the referenced thread... Back then, I didn't care as much, but this idea has come due. No site should be non-SSL (TLS 1.2 or better) these days.
    "A nation of sheep will beget a government of wolves." ― Edward R. Murrow

  2. #12
    Join Date
    Oct 2010
    Location
    Lebanon, Tennessee
    Posts
    4,941
    Rep Power
    21474854

    Default Re: Can we get some HTTPS up in here?

    As someone trying to change a forum to https, I can confirm the difficulty of such a venture. The cost benefit seems hardly worth it considering the nature of this forum.
    Life has a melody. Not great, not terrible.

  3. #13
    Join Date
    Jan 2013
    Location
    Cranberry Twp, Pennsylvania
    (Butler County)
    Posts
    978
    Rep Power
    21474848

    Default Re: Can we get some HTTPS up in here?

    I'd be more than willing to help get this set up. Working in IT, I deal with this constantly. I'd say the benefit is well worth it, as it confirms every user sending a username/password to the server isn't getting intercepted by a malicious party. Working with "end users" daily, it's common place for people to reuse passwords. While that habit is bad, it happens, and if those passwords can get stolen it increases chances of popping their other accounts.

    Sorry for all the techy talk here, but just trying to add some benefit to the effort. If i'm able to assist I'd be glad to!

  4. #14
    Join Date
    Mar 2008
    Location
    Lansdowne, Pennsylvania
    (Delaware County)
    Age
    37
    Posts
    5,994
    Rep Power
    3189407

    Default Re: Can we get some HTTPS up in here?

    Quote Originally Posted by JustinHEMI View Post
    As someone trying to change a forum to https, I can confirm the difficulty of such a venture. The cost benefit seems hardly worth it considering the nature of this forum.
    it's not really hard AT ALL. the only work Dan (or whoever) has to do is generate some free certs, change the configs some, reboot apache or nginx or whatever and then make sure all non-https links are being proxied correctly so it doesn't result in a mixed content warning...

    it's actually kind of a joke that in 2019, a political site like PAFOA isn't running over HTTPS...
    Peace, Prosperity, and Liberty

  5. #15
    Join Date
    Jan 2013
    Location
    Cranberry Twp, Pennsylvania
    (Butler County)
    Posts
    978
    Rep Power
    21474848

    Default Re: Can we get some HTTPS up in here?

    No it's not, especially with lets encrypt. We just need an admin to get this going....

  6. #16
    Join Date
    Jan 2012
    Location
    somewhere, Pennsylvania
    Posts
    621
    Rep Power
    21474849

    Default Re: Can we get some HTTPS up in here?

    Quote Originally Posted by andrewjs18 View Post
    it's actually kind of a joke that in 2019, a political site like PAFOA isn't running over HTTPS...
    Yes, Exactly. We are a big juicy target just waiting to be attacked. I'm confident there are elements out there that would love to identify and dox our users.

    Whether you want to admit it or not, lack of HTTPS does put our members at risk. Not all of our members are tech savvy and I believe forums like this one should endeavor to provide HTTPS, at a minimum, in order to attempt to protect the privacy and security of our users. In 2019, it's almost negligent not to do so.

    In addition to the password reuse issue, anyone who uses the PM feature to contact another member about an item in the classifieds has to disclose some sort of alternate contact info which could itself be considered sensitive. I'm betting not everyone creates a new burner email every time and then monitors it diligently for a reply.

    In case anyone hasn't noticed, gun rights are under attack, and the opposition doesn't really seem to care about fighting fair.

    I'm very thankful to those who have volunteered their time to help fix this issue. I'm hoping someone with the authority to act takes someone up on their offer.
    I am not a lawyer.

  7. #17
    Join Date
    Dec 2012
    Location
    Langhorne, Pennsylvania
    (Bucks County)
    Posts
    328
    Rep Power
    5877350

    Default Re: Can we get some HTTPS up in here?

    Can we get an admin to weigh in? What's it going to take? Money? Labor? I will help with both. This really needs to happen - we need to secure this site and everything that goes between it and our members.
    "A nation of sheep will beget a government of wolves." ― Edward R. Murrow

  8. #18
    Join Date
    Jan 2013
    Location
    Cranberry Twp, Pennsylvania
    (Butler County)
    Posts
    978
    Rep Power
    21474848

    Default Re: Can we get some HTTPS up in here?

    Quote Originally Posted by djeuch View Post
    Can we get an admin to weigh in? What's it going to take? Money? Labor? I will help with both. This really needs to happen - we need to secure this site and everything that goes between it and our members.
    are the admins listed somewhere? I'd tag them here if I knew their user names. Like was previously mentioned, we could have this fixed in less than 2 minutes with the right people to provide access.

  9. #19
    Join Date
    Mar 2008
    Location
    Lansdowne, Pennsylvania
    (Delaware County)
    Age
    37
    Posts
    5,994
    Rep Power
    3189407

    Default Re: Can we get some HTTPS up in here?

    Quote Originally Posted by buckengr View Post
    Yes, Exactly. We are a big juicy target just waiting to be attacked. I'm confident there are elements out there that would love to identify and dox our users.

    Whether you want to admit it or not, lack of HTTPS does put our members at risk. Not all of our members are tech savvy and I believe forums like this one should endeavor to provide HTTPS, at a minimum, in order to attempt to protect the privacy and security of our users. In 2019, it's almost negligent not to do so.

    In addition to the password reuse issue, anyone who uses the PM feature to contact another member about an item in the classifieds has to disclose some sort of alternate contact info which could itself be considered sensitive. I'm betting not everyone creates a new burner email every time and then monitors it diligently for a reply.

    In case anyone hasn't noticed, gun rights are under attack, and the opposition doesn't really seem to care about fighting fair.

    I'm very thankful to those who have volunteered their time to help fix this issue. I'm hoping someone with the authority to act takes someone up on their offer.
    we probably shouldn't even get started on the type of password hashing that's used on here...hopefully it's better than md5.
    Peace, Prosperity, and Liberty

  10. #20
    Join Date
    Mar 2008
    Location
    Lansdowne, Pennsylvania
    (Delaware County)
    Age
    37
    Posts
    5,994
    Rep Power
    3189407

    Default Re: Can we get some HTTPS up in here?

    Quote Originally Posted by pens87pgh View Post
    are the admins listed somewhere? I'd tag them here if I knew their user names. Like was previously mentioned, we could have this fixed in less than 2 minutes with the right people to provide access.
    last I knew, danp owned the site. as per their team listing, it still says he's an admin:

    http://forum.pafoa.org/showgroups.php
    Peace, Prosperity, and Liberty

Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. Move to https://
    By free in forum Support & Suggestions
    Replies: 38
    Last Post: March 21st, 2016, 10:23 PM
  2. https://thefirearmlawyers.com
    By carl_g in forum NFA/Class 3/Title II
    Replies: 0
    Last Post: December 30th, 2014, 09:49 PM
  3. https://www.checkpointusa.org unbelievable
    By Biggworm in forum General
    Replies: 0
    Last Post: January 7th, 2009, 04:53 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •