Possible to make Mozillazine login secure?

Talk about stuff specific to the site -- bugs, suggestions, and of course praise welcome.
Locked
phkhgh
Posts: 845
Joined: January 25th, 2007, 2:49 pm
Location: So. U.S.A.

Possible to make Mozillazine login secure?

Post by phkhgh »

It's been like this forever - no security certificate for login page. I don't use my UN / PW for here, on any other site, though some foolishly still do. However, kiddies could intercept anyone's PW, then impersonate them & cause lots of trouble or a ban for the real user.

We all know the web has gotten to where hackers often do malicious things for the fun? - some compromised sites or users UN & PW may have no monetary value on some sites. Little old grannies & grandpas may still not understand the risk in re-using PWs at other sites.

How much would a certificate cost per yr? What if the users with over 828 posts all chipped in - what would each have to pay. I'd guess very little.

Several other sites that I or others mentioned this to operators did eventually get valid certificates.
User avatar
DanRaisch
Moderator
Posts: 127166
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Re: Possible to make Mozillazine login secure?

Post by DanRaisch »

Moving to MozillaZine Site Discussion.

This has been discussed before. There are no financial transactions involved on the forums nor is any personal data used, other than an email address which doesn’t have to be the user's usual address. Finally, the forum administrator has been virtually incommunicado for months as they have a full time job elsewhere and it is doubtful that they would commit the time to address this.
phkhgh
Posts: 845
Joined: January 25th, 2007, 2:49 pm
Location: So. U.S.A.

Re: Possible to make Mozillazine login secure?

Post by phkhgh »

I'm a bit late responding, but there is the real threat of stolen user name / password. Though most "technically aware" users don't use the same PW on other sites, the same can't be said for many non-technical users, who often visit sites like this. I know very, very few sites / forums that still use http. A couple of software support sites that used http in last couple yrs, were asked to at least make the login page secure & they apparently thought it was a good idea.

What you say is true. Even stealing a "junk email" acct, they could cause problems & make it look like you were violating the email provider's TOS & risk getting all accts banned. You might have other more important email accts w/ the same provider & don't want to spend time trying to prove "it wasn't me" causing all the trouble.

Even if they only got a UN / PW good on this site, they could cause some headaches, get you temporarily banned (hopefully) & generally waste a lot of time. Which is why a lot of younger kids (I'm assuming) do this sort of thing, just for kicks.
rleeden
Posts: 1
Joined: October 19th, 2004, 1:24 am

Re: Possible to make Mozillazine login secure?

Post by rleeden »

I realise that nothing is likely to change on the forum regarding making it secure, but just to add to the discussion. It's not only the risk of stolen usernames / passwords there are many other risks when running a unsecured website. Even when no financial transactions are taking place. For a full explanation I would recommend reading Troy Hunt's blog on this subject: Here's Why Your Static Website Needs HTTPS

And if you have the time and interest watch the YouTube video on that page where he demonstrates some of these threats.

And regarding the cost of a certificate - there are several companies offering free certificates. See the great work that Let's Encrypt do.
Ideation_at_M
Posts: 30
Joined: October 25th, 2013, 12:29 am

Re: Possible to make Mozillazine login secure?

Post by Ideation_at_M »

I have been very guilty with one of my sites in this area of security and this thread reminds me to be more responsible in the community sense at that site, because I have slowly come to realize these forums are no longer simply websites. They are communities. The key aspect of these forums/communities is the human element. No humans and no website. The problem is that I have for so long been stuck in the thinking that a community is only identified as such if is in brick-and-mortar setting, which is wrong. It is the human element that defines a community, whether brick-and-mortar or online. So just as you would not want to start to drastically reduce funding for your police force in the brick-and-mortar community, one should have a similar regard for online community security.

I think this was the first time I logged onto here using a much older OS and FireFox, so the first time to see that warning about logging into an environment that some professional seems to think is not secure. It has been a warning to me to be more respectful of the citizens in my own community that is not properly secure. Kind of like I do not think I would be so happy at a brick-and-mortar community border if I saw a big sign board as I drove into that town/village that stated the community was not so safe because the funding for their already tiny police force had been reduced by 50%. Or something like that.

I think I will give my admin team on that site a few funds to get that site adding that 's' thingy to the address. Sort of like I have seen an 'SOS' which stands for Spend On Security.
User avatar
James
Moderator
Posts: 27999
Joined: June 18th, 2003, 3:07 pm
Location: Made in Canada

Re: Possible to make Mozillazine login secure?

Post by James »

Ideation_at_M wrote:I think I will give my admin team on that site a few funds to get that site adding that 's' thingy to the address.
https://letsencrypt.org/
Locked