» Intern0t HTTPS option

[s3my0n]

I was thinking, intern0t only has http server, and it's bad for client side security because somebody can mitm members and get their packets to and fro intern0t plaintext, giving away username and password.

As intern0t runs on apache, I think it's easy to implement https as well as http option for security.

What do you think?

[sud0xe]

If your only reason being more defence against MITM attacks then its probably pointless as the HTPS protocall is vulnerable to MITM attack also. Tunneling your HTTP traffic over SSH.

[s3my0n]

Quote:

Originally Posted by sud0xe

If your only reason being more defence against MITM attacks then its probably pointless as the HTPS protocall is vulnerable to MITM attack also. Tunneling your HTTP traffic over SSH.

I'm saying if HTTPS is easy to implement then why not do it?

And btw, Google spent heaps of money to just make https default protocol for their webservers. So I think there is a reason for Intern0t to do it ^^

[Tsukasa]

Ssh tunneling xD

[MaXe]

At this point it would cost us 50$ if we want a real SSL certificate which is "trusted".

If you're willing to pay 50$ then I'll be happy to add it to InterN0T :-) I can't deny
however, that we might apply a SSL certificate in the future (either our own or a
real "trusted" one) but at the current point it is not going to happen.

I do have a SSL certificate that I can use for our VPS, but that can't be applied
due to a limitation in how 1and1 is set up. However we might move host anyway.