
SSL for login: I will donate $50 to make it happen

Besides SSL, how about an audit page?

That will tell us all the IP addresses (city, state, country) that were used to log into my account.

If I see something bizarre, I'd know my account was hacked.

Better yet, 2 Step Verification.

I ONLY use a couple computers and my phone for NES.

I'd like to lock out all others but keep a "key" - 2 Step Verification- in case I am on vacation in a secure location.
 
Just log into Go Daddy's website, it's easy and cheap. There are others out there, but that is a starting point for information.

Sent from my SM-P600 using Tapatalk
 
As an entrepreneur, I've found that a great litmus test for the viability of an idea is when the average expert vehemently rejects the idea, then you know you are on to something.

Depends on what the field and who the expert is. In this case, the only benefit is for the tinfoil hat club crypto fetish more than anything else.
 
You rang? To the OP and unless Derek has objection maybe a poll to see how much the membership would support this move ?

How much would it add to yearly membership cost?

Depends on what the field and who the expert is. In this case, the only benefit is for the tinfoil hat club crypto fetish more than anything else.
 
$60-$250/year for a cert, depending on options and features. I've set some small businesses up with quite good options for around $110/year for 3 years. The cheapies can be a pain.
 
I believe I cleaned up the last of the non-relevant links. I'm going to test it out for the next few days before announcing it beyond this thread or making it default...

Let me know if you guys find anything still pointing back to the non-secure side.
 
Only glitch I've seen is in Feedback. I was leaving feedback, and the field for the deal thread rejected the hyperlink as invalid until I removed the 's' from http.
 
For shits and giggles I decided to add https to the start of the address and I saw the lock icon, indicating in Safari that I'm on a secure connection. When I clicked onto this thread, the lock icon disappeared.

Is this normal for Safari? I'm running an iPad2 with iOS 8.4.0
 
HTTPS Everywhere

I use EFF's HTTPS Everywhere plugin for Chrome, Firefox and Firefox/Android to force the site to SSL. I had to manually add a rule to force all of NES to always use HTTPS even on my old bookmarks, etc.
 
For shits and giggles I decided to add https to the start of the address and I saw the lock icon, indicating in Safari that I'm on a secure connection. When I clicked onto this thread, the lock icon disappeared.

Is this normal for Safari? I'm running an iPad2 with iOS 8.4.0

I have every link pointing to HTTPS by default now. There is the possibility of a linked image, or something along those lines to remain non secure. If anyone can find out what elements are showing up as insecure, I'll look into it.
 
I have every link pointing to HTTPS by default now. There is the possibility of a linked image, or something along those lines to remain non secure. If anyone can find out what elements are showing up as insecure, I'll look into it.

If I load up https://www.northeastshooters.com or https://northeastshooters.com, I get taken to http://www.northeastshooters.com/vbulletin/content/

Can you configure the web server itself to force a 301 redirect to HTTPS if HTTP is detected? Looks like nginx with some kind of cloudflare integration?
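
The behaviour reported above (an HTTPS request redirected to an HTTP URL) can be checked mechanically; this is an added example, not part of the original post. It walks a redirect chain and flags HTTPS-to-HTTP downgrades, non-permanent upgrades, and chains that end on plain HTTP. The `forum.example` response tables are constructed, and `audit_redirects` is a hypothetical helper name.

```python
from urllib.parse import urljoin, urlparse

REDIRECT_CODES = {301, 302, 303, 307, 308}

def audit_redirects(start_url, responses, max_hops=10):
    """Follow redirects through `responses` (url -> (status, location))
    and return (final_url, issues)."""
    issues, url, seen = [], start_url, set()
    for _ in range(max_hops):
        if url in seen:
            issues.append(f"redirect loop at {url}")
            break
        seen.add(url)
        # URLs missing from the table are treated as a final 200 response.
        status, location = responses.get(url, (200, None))
        if status not in REDIRECT_CODES or not location:
            break
        target = urljoin(url, location)  # Location may be relative
        src, dst = urlparse(url).scheme, urlparse(target).scheme
        if src == "https" and dst == "http":
            issues.append(f"downgrade: {url} -> {target}")
        elif src == "http" and dst == "https" and status not in (301, 308):
            issues.append(f"temporary upgrade ({status}): {url} -> {target}")
        url = target
    if urlparse(url).scheme != "https":
        issues.append(f"chain ends on plain HTTP: {url}")
    return url, issues

# Constructed tables: the reported behaviour, then the corrected redirects.
BEFORE = {
    "https://forum.example/": (301, "http://www.forum.example/vbulletin/content/"),
}
AFTER = {
    "http://forum.example/": (301, "https://forum.example/"),
    "https://forum.example/": (301, "/vbulletin/content/"),
}

if __name__ == "__main__":
    print(audit_redirects("https://forum.example/", BEFORE))
    print(audit_redirects("http://forum.example/", AFTER))
```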
 
If I load up https://www.northeastshooters.com or https://northeastshooters.com, I get taken to http://www.northeastshooters.com/vbulletin/content/

Can you configure the web server itself to force a 301 redirect to HTTPS if HTTP is detected? Looks like nginx with some kind of cloudflare integration?

All set, I missed that redirect.

And to answer the question - Litespeed with cloudflare.

To clarify, I'm not going to set the entire site to force SSL - people can still utilize regular HTTP if desired. However, the default is now SSL.
 
All set, I missed that redirect.

And to answer the question - Litespeed with cloudflare.

To clarify, I'm not going to set the entire site to force SSL - people can still utilize regular HTTP if desired. However, the default is now SSL.

Looks good! [thumbsup]
 
Derek,

If you can get a secure SSL set up for logins, I will donate $50 for the cause.

Let me know...
What about requiring passwords to be a minimum length of X with at least 1 cap, 1 lower, 1 number and 1 special character? Would this not raise the odds of not being cracked easily?
 
What about requiring passwords to be a minimum length of X with at least 1 cap, 1 lower, 1 number and 1 special character? Would this not raise the odds of not being cracked easily?

I'm not a fan at all of forced password security. All it does is make people write down their password, or store it in some other less secure method. As a whole, I'll do everything in my power to keep things secure here, but individual security is up to the individual.
 
I'm not a fan at all of forced password security. All it does is make people write down their password, or store it in some other less secure method. As a whole, I'll do everything in my power to keep things secure here, but individual security is up to the individual.

this.
 
I'm not a fan at all of forced password security. All it does is make people write down their password, or store it in some other less secure method. As a whole, I'll do everything in my power to keep things secure here, but individual security is up to the individual.

Ahh, that old "personal responsibility" deal again. Not sure that most folks can deal with that anymore! [wink]
 
What about requiring passwords to be a minimum length of X with at least 1 cap, 1 lower, 1 number and 1 special character? Would this not raise the odds of not being cracked easily?

This is called "creating an administrative nightmare". Strong passwords are a good thing but forcing them in most cases ends up in a decrease in security when people save them more often, put them on post-it notes, etc.

-Mike
 
This is called "creating an administrative nightmare". Strong passwords are a good thing but forcing them in most cases ends up in a decrease in security when people save them more often, put them on post-it notes, etc.

-Mike

Exactly. I'm personally a fan of password managers IE: Dashlane, Lastpass, etc.

I have absolutely no idea what my password is for this, or almost any site, except for work-related things where I end up going with the default of incrementing a number on this insanely stupid long password every 30 days when I change it.
 
$25 finder's fee to me, $25 donation to comm2a?

The money is supposed to go toward the effort and expense on account of Derek, Shorty, and any required fees.

Shorty, please run this by Derek and let me know where to send the $50.

I would put it toward Comm2a in the name of NES if requested!
 
The money is supposed to go toward the effort and expense on account of Derek, Shorty, and any required fees.

Shorty, please run this by Derek and let me know where to send the $50.

I would put it toward Comm2a in the name of NES if requested!

There were no additional expenses put toward this - I would vote you go with a charitable donation if you feel the need.
 