Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

PhysicsForums and SSL, HTTPS

  1. Oct 16, 2013 #1
    Hey there,

    I noticed recently that PhysicsForums doesn't use HTTPS, not even in the login/registration pages. I find it to be a major flaw and something that should be addressed to protect the privacy/security of PF members.

    Is there a reason for not using HTTPS? Or perhaps it's coming in the next updates?
     
  2. jcsd
  3. Oct 16, 2013 #2

    Borek

    User Avatar

    Staff: Mentor

    Changing only part of the site to https is not going to change much.

    Greg wants to upgrade the forum, unfortunately, it is not clear which engine to choose. As long as it is not clear, next version of PF is in limbo.
     
  4. Oct 16, 2013 #3

    jhae2.718

    User Avatar
    Gold Member

    The NSA/CSS already has all of your personal information on file.
     
  5. Oct 16, 2013 #4
    HTTPS is not supported by this software.
     
  6. Oct 16, 2013 #5

    jedishrfu

    Staff: Mentor

    facebook and google use https urls so its definitely a good idea.
     
  7. Oct 16, 2013 #6

    D H

    User Avatar
    Staff Emeritus
    Science Advisor

    I. Just. Can't. Resist:

     
  8. Oct 16, 2013 #7

    D H

    User Avatar
    Staff Emeritus
    Science Advisor

    Getting serious, that this site does not user https means your password should be different from that used on more secure systems, and from other unsecured systems as well. It never hurts to be too paranoid when it comes to computer security.

    Even with a supposedly secured site, it's a good idea to read the sad saga of Mat Honan: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/.
     
  9. Oct 16, 2013 #8

    jedishrfu

    Staff: Mentor

    The sad thing is that what happened to Matt Honan can happen to any of us no matter what we do. HTTPS makes it more difficult to hack and co-opt a site. Beyond that there are other things that may need to be fixed to make PF more secure.

    Also in Matt's case and in others there was a human element of social engineering that completed the hack.
     
  10. Oct 16, 2013 #9
    Well, changing only part of the site to https (the login part) might/will protect a users password. I bet some people here use the same password for several sites. One guy with wireshark and ...
     
  11. Oct 16, 2013 #10
    That's a big story! 4 pages... Thanks for the light though, didn't know about it.
     
  12. Oct 16, 2013 #11

    jhae2.718

    User Avatar
    Gold Member

    Going one further, you should use a different password for each site you have an account on.
     
  13. Oct 24, 2013 #12
    Yes. That is true. Sites should, however, have an https version, one that supports forward secrecy.
     
Know someone interested in this topic? Share this thread via Reddit, Google+, Twitter, or Facebook




Similar Discussions: PhysicsForums and SSL, HTTPS
  1. Why physicsforums? (Replies: 15)

  2. Data on Physicsforums (Replies: 3)

  3. Physicsforums Mobile (Replies: 1)

  4. Goodbye Physicsforums (Replies: 42)

Loading...