Use https to login to this forum.

[Geek-9pm]

Thanks to BC_programmer for the tip.
Look at the items below:

Code: [Select]

http://www.computerhope.com/forum/
https://www.computerhope.com/forum/
What is the difference?
Both wail get you into this forum.
But the second turns on the SSL feature of your browser. So you may wish to use the S option to make your password information more secure. It has been said that without the SSL your password might be visible to some kind of evil criminals using some kind of data snatching tool.

I was usurped to learn this. From now on I will sign into Computer Hope with the SSL option on.
reference
https://www.computerhope.com/jargon/s/ssl.htm

SSL
Short for Secure Socket Layer, SSL is a protocol developed by Netscape and first introduced to the public as 2.0 in February 1995. It is used for transmitting private documents and transferring data encrypted, allowing information such as passwords or credit card information to be hidden.

 

[Thomas_JK]

Recently I have noticed that several sites have changed to https only. I often browse web with my vintage computers, and I am not excited about that, since older browsers cant do https.
And in several cases, I just wonder why make the site /forum https only?? Paranoia?
If the site /forum is lets say, about tech support for computers, or discussion about vintage cars, etc. its not like anyone is typing their credit card numbers here...

I just recently quit using two computer related sites, that went https-only. I joined computerhope forum, because I like it, that in this forum there are also boards for older OS's (Win 3.x, 9x, NT, xp), it's pleasant to use, everything functions well, and it can be used also with older browsers.
I think you have a great forum here, just want to say thank you for a job well done.

[BC_Programmer]

And in several cases, I just wonder why make the site /forum https only?? Paranoia?

it is largely part of an effort to make the web more secure.

Obviously, websites like, say, a bank website, amazon, ebay, or other sites involving sensitive information like Credit Card numbers and the like are a shoe-in for HTTPS, as you alluded.

But- HTTPS is also faster than HTTP, so it means less server load, especially paired with the new HTTP/2, which only works over https. So even from a perspective of browsing speed, there is already a good reason.

From the side of a website owner, HTTPS sites also get rank preference by Major Search Engines.

The logic is more or less that there no longer is any particularly good reason *not* to encrypt everything. What I mean is, while sending insensitive information over a secure channel is pointless, it also does no harm, which means that by encrypting everything, it's no longer determined by the website creator what you consider to be sensitive information. For example, "I'd much rather this data be transmitted over the wire in an easy to intercept plain text form" doesn't make much sense. Even if you are reasonably certain that nobody is going to care or intercept that information, there is no benefit from transmitting it in plaintext, and a number of advantages to the converse.


As for browsing on old computers, that just comes with the territory of vintage systems, I think. I have a number of older systems as well but I'd rather the web move forward and leave them behind than restrict new capabilities/features  in order to allow them to function. Even ignoring HTTPS, the web has already moved beyond what browsers on older systems are capable of, and in many cases what the system can handle as well. At this point using some older systems on the modern Web is sort of like trying to get a Tandy-101 to use the WWW in say the 90's rather than a BBS.

[Thomas_JK]

OK, this is the first time I hear any other reason for using https besides security. So it is faster than http. Is the difference notable or not? When browsing sites that previously were http, I can't say I noticed any difference, but I didn't know to expect any, so I wasn't paying attention to it and I guess that on the other hand, the website(s) might have also gotten more 'bloated'.

And about progress and web moving forward. Of course its never good to say 'I'm against of progress,' etc, and thats not how I think, but in my opinion, if progress and web moving forward is more 'eye candy', more bloated websites, and getting all that with (marginally?) faster speed... I'm just not so interested. And about site /forum such as this, I can't think of new capabilities or features that I would like to have. I like the saying, 'if it ain't broke, don't fix it'.


 

[soybean]

I disagree with the notion that HTTPS is faster than HTTP.  I have never been able to observe that in my online experience.  And a google search on this issue will reveal many references indicating HTTPS is slower than HTTP, which really makes sense since some extra work in involved when HTTPS is used.  However, this might not be noticeable with modern hardware at both ends of the process.

Regarding online forums, I generally see no need for them be HTTPS since they contain no financial information.

[BC_Programmer]

http://www.httpvshttps.com/

Technically I suppose one could argue that it is not strictly HTTPS that is faster, but rather that the session layers and feature sets which demonstrably and provably make it faster require it. In particular, SPDY, and HTTP/2 which builds upon SPDY, require HTTPS. These sort of a myriad of performance issues with HTTP by adding Multiplex streams, request prioritization, HTTP header compression, Resource hinting, etc.

It would perhaps be better to say that HTTPS has a much, much higher speed limit than HTTP.

Furthermore, HTTP/2, which I mentioned above, integrates the SPDY session layer into the protocol. But these speed advantages are only ever realized over TLS (HTTPS). They can *never* be seen on HTTP.

A somewhat better explanation on the whole thing can be found  here.

[camerongray]

Performance aside, it would definitely be a good idea to at the very least enforce HTTPS on the login page (which would effectively be the entire forum due to the login box at the top of the pages).  Let's face it, people are going to reuse important passwords like their email password for registering on this site, when handling passwords or any other data sensitive to a user, you should always be transmitting it over HTTPS.  The site already has HTTPS support so making it default is hardly a difficult task.

[patio]

We also have a good amount of Users that run older OS's and browsers...

[camerongray]

We also have a good amount of Users that run older OS's and browsers...

It would be interesting to see the actual stats on what we have.  Even older browsers support HTTPS as long as you configure the server correctly.  There's obviously a trade off, the older the browser you support, the less secure algorithms you have to use.  You would have to look at what browsers users are using and then work out a sensible compromise between security and supporting old browsers.

When it comes to running a website, you really need to look at the statistics of what browsers people are using and decide on a set of the oldest browsers from each family you will support then stick to those, you can't keep supporting people on IE6 forever without impacting the experience for the majority of users running an up to date browser.

If you're going back far enough to support browsers that don't have any functional HTTPS support then you have to wonder if that tiny percentage of users is worth compromising the security of everyone else.

[patio]

It's not my site cameron...i was simply making a point.

[soybean]

Performance aside, it would definitely be a good idea to at the very least enforce HTTPS on the login page (which would effectively be the entire forum due to the login box at the top of the pages). 

I really had never signed in to this forum via HTTPS but this discussion lead me to try it.  I see that, if I go to login in under HTTPS, then the forum keeps my browser in HTTPS mode during the full duration of my session; it does not revert back to HTTP once I'm signed in. 

Let's face it, people are going to reuse important passwords like their email password for registering on this site, when handling passwords or any other data sensitive to a user, you should always be transmitting it over HTTPS.  The site already has HTTPS support so making it default is hardly a difficult task.

Good points!  I have a bookmark for the forum login page on Firefox's Bookmarks Toolbar.  I just changed it to direct to https://www.computerhope.com/forum/ instead of http://www.computerhope.com/forum/   

[soybean]

I just noticed some differences in how the forum works when signed in via HTTPS instead of  HTTP.  If I login under HTTP and hover my mouse over the horizontal  bar on the left side, under the username, I see some quantitative info such as (number of) Posts, Percents, and Next Level.   And, if I hover over Specs when displayed below a username on the left of the forum window, the Specs list created by the member in their profile appears.   Likewise, for members who have created a List of certifications, hovering over Lists will display that info.  When I login to the forum under HTTPS, these responses to mouse hovering do not happen.

[BC_Programmer]

Looking at the page source, the overlay logic is in a javascript file referenced at http://cdn.computerhope.com/overlib/overlib.js. Most browsers will fail due to their "same origin" policies due to the different protocol.

Actually I'm seeing many links and references that point at the http site directly; it seems that links provided by the forum software recognize that it is using https: but added stuff like the very top bar (Main page, free help, etc) link directly to http. Definitely a partial implementation.