ADISC via HTTPS (SSL Encryption)

[Moo]

ADISC.org is now available via HTTPS, for increased privacy.

We're offering using similar encryption to that used by e-commerce sites.

If you want to test out using ADISC via an encrypted, HTTPS connection, use this link: ADISC with Encryption.
Your browser should already support this, so you should not need to download or install anything to make this work.

Note that:
(1) The encryption might slow down page load times very slightly.
(2) It is not guarenteed to be bug-free. You may get warnings, such as "root certificate not recognized", or bugs (such as being redirected back to the http:// version) may occur.

If you do encounter bugs or problems with it, please post about them here so I can take a look.

[aj1983]

Quote:

Originally Posted by Moo

If you do encounter bugs or problems with it, please post about them here so I can take a look.

Only problem i've noticed so far with the https address is the "top 10 stats" and "latest posts" list on https://www.adisc.org/forum/ never seem to load. They work ok for others?

[h3g3l]

Quote:

Originally Posted by aj1983

Only problem i've noticed so far with the https address is the "top 10 stats" and "latest posts" list on https://www.adisc.org/forum/ never seem to load. They work ok for others?

Good catch. As of right now, I get the same outcome as you.

[Moo]

You're right, the "Top Stats" box on the homepage won't load when using SSL. I'll investigate...

[h3g3l]

Quote:

Originally Posted by Moo

You're right, the "Top Stats" box on the homepage won't load when using SSL. I'll investigate...

Maybe it's hard-coded as "http://"+$URLPATH or what have you.

[markdude84]

I've just tried this and it redirects to the "standard" unencrypted http version...

[Moo]

Quote:

Originally Posted by markdude84

I've just tried this and it redirects to the "standard" unencrypted http version...

Fixed.

[Zagete]

I'm sorry to ask this, but what would be the benefits of HTTPS over HTTP other than keeping your password safe? (:/ I srsly don't know D=)

[Pojo]

Clicking on a picture in the Gallery sets it back to http://. It doesn't switch back afterwards.

So does the banned members log

[UnMarth]

Quote:

Originally Posted by Zagete

I'm sorry to ask this, but what would be the benefits of HTTPS over HTTP other than keeping your password safe? (:/ I srsly don't know D=)

It says for "increased privacy" basically meaning no one can snoop on your web activites, from a router logging all the URLs of all the HTTP data that passes though it? However, you can still log the IP it's connecting to. With that, you can do reverse DNS and/or get the SSL certificate and see what it is valid for, to which You'll find it's adisc.org.

But there is no way of telling who you are (what is your username) and what you post and what pages you are looking at. Provided everything is over https/SSL and therefore should be encrypted. An analogy being, people see you walk in and out of the doctors, but don't know what you are saying when you are behind those doors.


I am quiet surprised that Moo decided to implement this, because it's going to take allot of work to implement fully. A while ago I did think whether adisc should use HTTPS for privacy reasons, because at times I feel that clear text is inadequate, despite whether some one is or isn't snooping. It just increases confidence within the system.

I don't have the time at the moment, but I may have a little play around and see what things are and what does what on this site that breaks down the confidence of the system.