HTTPS

Offer ideas and suggestions on how you think this forum can be improved.

Moderators: marco_polo, Producethis, Lambster, babybmwadmin, Rich196

Post Reply
User avatar
Timewarp
Enthusiastic Member
Enthusiastic Member
Posts: 708
Joined: Wed Mar 30, 2016 1:22 pm

HTTPS

Post by Timewarp » Mon May 30, 2016 6:31 pm

My suggestion is for the site to use HTTPS in order to protect user passwords. Even though it's a public forum, many people tend to use the same password across sites, so if a password was grabbed by a hacker for babybmw, chances are the password might work somewhere more important like Gmail or a bank login. Also this could protect your PMs from being read by others if you're on an untrusted network (coffee shop or at work) - it's really easy for somebody with the right tools to intercept plain HTTP traffic.

Free TLS/SSL certificates are available from https://letsencrypt.org/ (their script can even install it for you)
m140i... arrived!

Black / Black / Auto / Ad Sus / HK / Comfort Package / Sun Pro / Pro-Nav / Seat & Wheel Heating / Comfort Access / Rev Cam / Folding Mirrors / Mem Seats / T Load / Adaptive LEDs / HB Assist / Park Assist

User avatar
rusty13
Too Much Time To Waste Member
Too Much Time To Waste Member
Posts: 3823
Joined: Thu May 30, 2013 7:30 pm

Re: HTTPS

Post by rusty13 » Mon May 30, 2016 6:45 pm

+1
M135i Estoril Blue - 5 Door - Manual
Image

User avatar
babybmwadmin
Site Administrator
Site Administrator
Posts: 952
Joined: Wed Dec 31, 2003 12:57 am
Location: Belfast, Northern Ireland
Contact:

Re: HTTPS

Post by babybmwadmin » Tue May 31, 2016 10:54 am

This has been mentioned in the past, however, until something is put in place, like any other system, usage of the same password is not advised.

User avatar
Timewarp
Enthusiastic Member
Enthusiastic Member
Posts: 708
Joined: Wed Mar 30, 2016 1:22 pm

Re: HTTPS

Post by Timewarp » Tue May 31, 2016 11:28 am

babybmwadmin wrote:This has been mentioned in the past, however, until something is put in place, like any other system, usage of the same password is not advised.
Unfortunately users rarely take notice of this advice, instead opting to use "something they can remember".
m140i... arrived!

Black / Black / Auto / Ad Sus / HK / Comfort Package / Sun Pro / Pro-Nav / Seat & Wheel Heating / Comfort Access / Rev Cam / Folding Mirrors / Mem Seats / T Load / Adaptive LEDs / HB Assist / Park Assist

mikeyscott
Enthusiastic Member
Enthusiastic Member
Posts: 889
Joined: Mon Apr 28, 2014 9:47 pm
Location: Hampshire

Re: HTTPS

Post by mikeyscott » Tue May 31, 2016 12:11 pm

babybmwadmin wrote:This has been mentioned in the past, however, until something is put in place, like any other system, usage of the same password is not advised.
Completely agree and I've used this to gain greater access when we've done pen testing.

HTTPS is easy to do, but the passwords is the bigger issue.
135i E82 2011 Alpine White, Birds B1, Michelin PSS
Volvo C30 D4 R - Daily
VW Golf MK5 R32 09 - Gone and miss the traction.
123d E87 59 - Gone
Volvo S40 T5 Polestar 08 - Gone - Missed as mega comfortable
Seat Leon Cupra 03 - Gone

User avatar
Timewarp
Enthusiastic Member
Enthusiastic Member
Posts: 708
Joined: Wed Mar 30, 2016 1:22 pm

Re: HTTPS

Post by Timewarp » Tue May 31, 2016 2:51 pm

mikeyscott wrote:
babybmwadmin wrote:This has been mentioned in the past, however, until something is put in place, like any other system, usage of the same password is not advised.
Completely agree and I've used this to gain greater access when we've done pen testing.

HTTPS is easy to do, but the passwords is the bigger issue.
I'm a pentester too!
m140i... arrived!

Black / Black / Auto / Ad Sus / HK / Comfort Package / Sun Pro / Pro-Nav / Seat & Wheel Heating / Comfort Access / Rev Cam / Folding Mirrors / Mem Seats / T Load / Adaptive LEDs / HB Assist / Park Assist

Dudda
Junior Member
Junior Member
Posts: 38
Joined: Mon Feb 15, 2016 1:38 pm

Re: HTTPS

Post by Dudda » Sun Jun 05, 2016 9:33 pm

I'd recommend the free version of cloud flare. It's a dead easy to get setup
https://www.cloudflare.com

Sent from my A0001 using Tapatalk

EB135
Experienced Member
Experienced Member
Posts: 329
Joined: Thu Jan 15, 2015 10:21 pm

Re: HTTPS

Post by EB135 » Sun Jun 05, 2016 10:11 pm

Dudda wrote:I'd recommend the free version of cloud flare. It's a dead easy to get setup
https://www.cloudflare.com

Sent from my A0001 using Tapatalk
+1 for this. I set it up on my personal site in about 10 mins. Just needed a DNS change.

Longer term, you should still get a certificate for your server. Free at startssl, let's encrypt etc.

Do you need a hand setting up?
2016 M140i with the same spec plus Pro Nav.

2015 pre-LCI M135i auto. Adaptive lights, adaptive suspension, nav, HK, folding mirrors, drivers comfort, sun protection package.

Post Reply

Return to “Forum Ideas & Suggestions”