Turn on HTTPS/SSL by default?

ForumsWish List

Bryan
Bryan
Joined: 27 Apr 05
Posts: 7
Credit: 13036175
RAC: 0
19 Oct 2014 5:00:34 UTC
Topic 197757
(moderation:
    )

    I'd like to see HTTPS for the website and for the project scheduler/downloading [1].

    Seems like a really imporant thing to do security wise. Could someone hijack the schduler and have E@H users do arbitary work?

    I'm happy to help with the infrastructure side (I work in Linux tech support), if there is anything I can do..

    Thanks!
    Bryan

    [1] https://boinc.berkeley.edu/trac/wiki/SecureHttp
    [2] https://www.ssllabs.com/ssltest/analyze.html?d=einstein.phys.uwm.edu

    Logforme
    Logforme
    Joined: 13 Aug 10
    Posts: 332
    Credit: 1714373961
    RAC: 0

    Turn on HTTPS/SSL by default?

    19 Oct 2014 6:55:16 UTC
    Message 124170
    (moderation:
      )

      Quote:
      I'd like to see HTTPS for the website and for the project scheduler/downloading


      I like this suggestion. All sites should default to encryption. Especially if the site handles user information.

      Quote:
      Could someone hijack the schduler and have E@H users do arbitary work?


      Or make users download binaries infected with trojans?

      https://www.eff.org/https-everywhere/deploying-https

      Logforme
      Logforme
      Joined: 13 Aug 10
      Posts: 332
      Credit: 1714373961
      RAC: 0

      Just noticed the site is now

      2 Apr 2015 8:16:08 UTC
      Message 124171
      (moderation:
        )

        Just noticed the site is now HTTPS, very nice!
        One thing I noticed was that I got a warning when pressing the login button saying that the page is encrypted but the information sent to the server is not.

        Anyway, great work guys. Definitely a big step forward. Thank you.

        Comment viewing options

        Select your preferred way to display the comments and click "Save settings" to activate your changes.

        ForumsWish List