TacComms is one of the few sites that I visit that still doesn't offer HTTPS connections. Even though I doubt there's anything particularly sensitive being discussed here (maybe some people send bank accounts in PMs after trades/sales?), I still feel pretty uncomfortable connecting to HTTP websites.

CS, any plans to do anything about this? I realise it might not be your highest priority, but IMO internet connections should be encrypted wherever possible.

At this point, there are no plans for secure server capability. The problem with this is that it requires additional cost for secure certificatation, which needs to be renewed, plus the administration and setting up on the server end of things, and its something else that could go wrong.

When the full site is more the way that I want it to be, then its possible, and additional features may even require it. I get that no-one really wants non-encrypted web comms, but aside from passwords (which shouldnt be the same anyway) I cant see a pressing need at this time.

_________________
https://www.cybershadow.ninja - A brief look into my twisted world, including wargames and beyond.
https://www.net-armageddon.org - The official NetEA (Epic Armageddon) site and resource.

Hi CS, did you know that you can set up an SSL proxy for free via cloudflare? You can use their signed SSL cert, then just set up a self-signed one at your end (ie free). Or, you can even set it up so that it will do SSL from the browser to their servers, then HTTP from their servers to yours. Slightly less secure, but no configuration at all.

_________________
Kyrt's Battle Result Tracker (forum post is here)
Kyrt's trade list

I did not.... But, I am still not convinced that its something that we NEED right now... Do we?

_________________
https://www.cybershadow.ninja - A brief look into my twisted world, including wargames and beyond.
https://www.net-armageddon.org - The official NetEA (Epic Armageddon) site and resource.

Nope. We need lots of people playing tournaments and doing playtests for lists in development....

_________________
https://epic40ksweden.wordpress.com/

"You have a right to be offended" - Steve Hughes
"Your feelings are hurting my thoughts" - Aron Flam

It's my personal opinion that a site should never be set up to send login credentials in plain text, not because it bothers me myself but mostly to protect the 99% of people who don't look out for these things when they use open wifi. All the other risks are I think highly unlikely to be problems (man in the middle attacks etc) and nobody is going to be sending credit card details on the site (I hope!).

I myself know enough to make my own choice about whether to use the site, what information to keep in PMs, what password to use etc but I think it's good practice to consider that most people just assume the site is secure with their password.

_________________
Kyrt's Battle Result Tracker (forum post is here)
Kyrt's trade list

Basically what Kyrt said. Not using HTTPS is only really defensible if you assume every user knows how easy it is for an attacker to sit on their network and skim their username/password, along with anything they send through PMs etc. Realistically, a lot of the TacComms userbase won't know this, and those that don't are probably also the people most likely to reuse user/password combinations across multiple sites.

I'm not a website admin, so I have no idea how hard it is to set up SSL certificates (seems like Kyrt knows something about this, though). I would expect that it's reasonably easy, and certainly well documented. Given the potential risks, I'd say that it's well worth spending the time to set up (assuming there aren't large costs involved). I don't like to volunteer others, but maybe you could ask Kyrt or someone for assistance implementing HTTPS if you don't have the time or experience?

I don't think that https is necessary for a forum like this. I've been on plenty of forums which don't use it, and nothing untoward has ever happened. Just take sensible precautions about the information which you share here is my advice.

_________________

Thanks for your comments guys. I am going to file this under 'nice, non-priority'. It will be added to the list and I will look into the facility for these boards running over https, and the process for implimenting it at the server level.

_________________
https://www.cybershadow.ninja - A brief look into my twisted world, including wargames and beyond.
https://www.net-armageddon.org - The official NetEA (Epic Armageddon) site and resource.

note that it is likely only a matter of time (perhaps a long time)... at some point browsers could stop supporting non-encrypted connections.

https://blog.mozilla.org/security/2015/ ... cure-http/

_________________
Uti possidetis, ita possideatis.
May your beer be laid under an enchantment of surpassing excellence for seven years!
An online epic force creator: Armyforge