PhysicsForums and SSL, HTTPS

  • Thread starter Crake
  • Start date
  • #1
Crake
66
1
Hey there,

I noticed recently that PhysicsForums doesn't use HTTPS, not even in the login/registration pages. I find it to be a major flaw and something that should be addressed to protect the privacy/security of PF members.

Is there a reason for not using HTTPS? Or perhaps it's coming in the next updates?
 
Physics news on Phys.org
  • #2
Changing only part of the site to https is not going to change much.

Greg wants to upgrade the forum, unfortunately, it is not clear which engine to choose. As long as it is not clear, next version of PF is in limbo.
 
  • #3
The NSA/CSS already has all of your personal information on file.
 
  • #5
facebook and google use https urls so its definitely a good idea.
 
  • #6
jedishrfu said:
facebook and google use https urls so its definitely a good idea.
I. Just. Can't. Resist:

jhae2.718 said:
The NSA/CSS already has all of your personal information on file.
 
  • #7
Getting serious, that this site does not user https means your password should be different from that used on more secure systems, and from other unsecured systems as well. It never hurts to be too paranoid when it comes to computer security.

Even with a supposedly secured site, it's a good idea to read the sad saga of Mat Honan: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/.
 
  • #8
The sad thing is that what happened to Matt Honan can happen to any of us no matter what we do. HTTPS makes it more difficult to hack and co-opt a site. Beyond that there are other things that may need to be fixed to make PF more secure.

Also in Matt's case and in others there was a human element of social engineering that completed the hack.
 
  • #9
Borek said:
Changing only part of the site to https is not going to change much.

Greg wants to upgrade the forum, unfortunately, it is not clear which engine to choose. As long as it is not clear, next version of PF is in limbo.

Well, changing only part of the site to https (the login part) might/will protect a users password. I bet some people here use the same password for several sites. One guy with wireshark and ...
 
  • #10
D H said:
Getting serious, that this site does not user https means your password should be different from that used on more secure systems, and from other unsecured systems as well. It never hurts to be too paranoid when it comes to computer security.

Even with a supposedly secured site, it's a good idea to read the sad saga of Mat Honan: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/.

That's a big story! 4 pages... Thanks for the light though, didn't know about it.
 
  • #11
D H said:
Getting serious, that this site does not user https means your password should be different from that used on more secure systems, and from other unsecured systems as well. It never hurts to be too paranoid when it comes to computer security.

Going one further, you should use a different password for each site you have an account on.
 
  • #12
jhae2.718 said:
Going one further, you should use a different password for each site you have an account on.

Yes. That is true. Sites should, however, have an https version, one that supports forward secrecy.
 

What is PhysicsForums?

PhysicsForums is an online community and discussion forum for scientists, researchers, and students interested in physics and related fields.

What is SSL?

SSL (Secure Sockets Layer) is a security protocol used to establish a secure and encrypted connection between a web server and a web browser. It ensures that any data exchanged between the two cannot be intercepted or tampered with by third parties.

What is HTTPS?

HTTPS (Hypertext Transfer Protocol Secure) is the secure version of HTTP, the protocol used for communication between a web server and a web browser. It uses SSL to encrypt the data exchanged between the two, providing an additional layer of security for online interactions.

Why is PhysicsForums using HTTPS?

PhysicsForums is using HTTPS to ensure the security and privacy of its users. By using SSL encryption, any sensitive information exchanged on the forum, such as login credentials or personal data, is protected from being intercepted by hackers or other malicious actors.

Is it safe to use PhysicsForums over HTTPS?

Yes, it is safe to use PhysicsForums over HTTPS. The use of SSL encryption ensures that any data exchanged on the forum is secure and cannot be accessed by unauthorized parties. However, it is always important to practice safe internet habits and protect your personal information while using any online platform.

Similar threads

Privacy of Members on Physicsforums: What is Stored and Protected?
    • Feedback and Announcements
Replies
3
Views
2K
Emails/Forums Say My IP is X, Avast Says My IP is Y....How Possible?
    • Computing and Technology
Replies
4
Views
797
Suggestion Ambiguous wording of "You have insufficient privileges to reply here"
    • Feedback and Announcements
Replies
9
Views
1K
What's Coming in Physics Forums 4.0?
    • Feedback and Announcements
5
Replies
147
Views
15K
Simpler alternatives to SQL-like databases
    • Programming and Computer Science
2
Replies
50
Views
4K
Physics Forums Privacy Policy
    • Feedback and Announcements
Replies
0
Views
94K
Diagnosing intermittent "can't find IP" errors
    • Computing and Technology
2
Replies
35
Views
5K
Boy, Do We Have Threads On The Double-Slit
    • Feedback and Announcements
Replies
23
Views
2K
I Black Hole Fire Walls, Brick Walls, and the Casimir Effect
    • Quantum Physics
Replies
6
Views
754
Do you want to build a website?
    • Programming and Computer Science
Replies
15
Views
1K

Hot Threads

Recent Insights

Back
Top