Opened 11 months ago

Closed 9 months ago

#1082 closed Feature Request (fixed)


Reported by: badon
Owned by: kris
Priority: critical
Milestone:
Component: Misc
Version:
Keywords:
Cc: trac-bugs@…


HTTPS security has been requested for the PCBSD forums, in the posting "Forum SSL improperly configured". I marked the priority of this feature request as critical because all forum information, including passphrases, is handled with no security at all. Anyone eavesdropping on a connection will easily be able to:

  • Identify a user that may wish to remain anonymous.
  • Log in to read PMs.
  • Impersonate the user for social engineering attacks.
  • Attempt to access other accounts with the same passphrase.

Change History (5)

comment:1 Changed 11 months ago by srf21c

Please make sure to enable support for TLSv1.2 with Forward Secrecy ciphers and HTTP Strict Transport Security (HSTS).
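
Added example, not part of the ticket or of any commenter's post: one way to check a deployment against the three items requested in comment:1 (TLSv1.2, a forward-secrecy cipher, HSTS). All function names and sample values are hypothetical, cipher names are assumed to be OpenSSL-style, and accepting TLSv1.3 goes slightly beyond the comment's wording.

```python
# Added example: audit one observed HTTPS connection for TLSv1.2+, a
# forward-secrecy cipher and HSTS. Names here are hypothetical.
import http.client
import ssl

MODERN = ("TLSv1.2", "TLSv1.3")

def has_forward_secrecy(version, cipher):
    """True if the key exchange is ephemeral (OpenSSL-style cipher names)."""
    if version == "TLSv1.3":  # TLS 1.3 only defines (EC)DHE key exchange
        return True
    return cipher.startswith(("ECDHE-", "DHE-"))

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value}."""
    directives = {}
    for part in (value or "").split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"')
    return directives

def audit(version, cipher, hsts_header):
    """Return a list of findings; an empty list means all three checks pass."""
    findings = []
    if version not in MODERN:
        findings.append(f"protocol {version} is older than TLSv1.2")
    if not has_forward_secrecy(version, cipher):
        findings.append(f"cipher {cipher} has no forward secrecy")
    max_age = parse_hsts(hsts_header).get("max-age", "")
    if not max_age.isdecimal() or int(max_age) == 0:
        findings.append("HSTS missing or max-age is not a positive integer")
    return findings

def probe(host, timeout=5):
    """Observe a live server you operate; returns (version, cipher, hsts)."""
    ctx = ssl.create_default_context()
    conn = http.client.HTTPSConnection(host, timeout=timeout, context=ctx)
    conn.connect()  # read TLS details before the response can close the socket
    version, cipher = conn.sock.version(), conn.sock.cipher()[0]
    conn.request("HEAD", "/")
    hsts = conn.getresponse().getheader("Strict-Transport-Security")
    conn.close()
    return version, cipher, hsts

# Constructed sample observations (not taken from any real server).
GOOD = ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256", "max-age=31536000; includeSubDomains")
WEAK = ("TLSv1", "AES128-SHA", None)
```

`audit(*probe("forum.example.org"))` runs the same checks against a live host; the hostname is a placeholder.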

comment:2 Changed 9 months ago by joshms

  • Owner set to kris

comment:3 Changed 9 months ago by srf21c

Kris, if you *really* wanted to get l33t with the forum access security, you could also implement DNSchain; this is superior to HTTPS IMHO.

comment:4 Changed 9 months ago by kris

I've put in a request with our web-admin, hopefully we can get this enabled shortly.

comment:5 Changed 9 months ago by kris

  • Resolution set to fixed
  • Status changed from new to closed

Heard back from the web-admin. We are going to do this, but can't at the moment due to how our hosting works. We are migrating to a new system in a few months and will enable it then.

I'll close the ticket for now, since they plan on doing this anyway as soon as the migration is done.
