39
RTRMS
7y

Security for 2017: Because SSL has nothing to do with security, and just Google's way of increasing it's monopoly...

Comments
  • 2
    Can you explain? I dont do web stuff
  • 31
    They have styled a plain text input field to look like a password field to remove the security warning that modern browsers place on PW fields when the site has no SSL cert, aka https.
  • 15
    @RTRMS WTF? It’s not that hard or expensive to make and secure website.

    My budget is 0$ but I registered free CF domain, secured it with let’s encrypt and made mail with my own domain on Zoho.

    Why are some people that stupid?
  • 2
    @just-basic-user fuuuck knows. I use cloudflare which is also free, but alos on my VPS I roll my own.
  • 2
    Whoa, what site is this?
  • 2
  • 2
    @RTRMS
    Thanks, added to ublock list. Fucking assholes.

    They might as well just put email address and password in plain text on their fucking homepage.
  • 1
    But Google doesn't even sell ssl certs
  • 3
    @DuckyMcDuckFace You are making the mistake of trying to apply logic to idiots.
  • 0
    @RTRMS ehh, you know cloudflares https is nit secure right?
  • 1
    @kalippu google updated thier results algo a few months back to promote security, so everything else being equal, the HTTPS site will rank higher than its HTTP competitors.
  • 0
    Fuck my life that’s horrific, they should be ashamed.
  • 0
    @Jifuna could you elaborate? Are we talking the “flexible” option in Cloudflare or something worse?
  • 0
    @JonStodle As far as I know only the connection from the user to the client is secured not from clouflare to you server. So it is still send unencrypted over the internet.
  • 1
    @Jifuna ye, but that portion is unencrypted between CF an dyour server, not something the real world has access to without knowing your actual servers IP address, something not exposed by CF, so while it is technically less secure, its not unsecure.

    You also can have an SSL cert on your server which encrypts the connection between CF and your actual server, its just a dif CF config.
  • 0
    True, you're right. Didn't know you could encrypt the connection between cf and the server
  • 1
    @Jifuna yes. CF allows for both self-signed and from recognized CA. The best part is of course the caching and superior DNS interface (which I prefer over any other I’ve used)
  • 0
    @JonStodle ah okay. Yeah indeed I have all my domains by cloudflare
Add Comment