PhysicsForums and SSL, HTTPS

  • Thread starter Crake
  • Start date
In summary, PhysicsForums utilizes SSL (Secure Sockets Layer) and HTTPS (Hypertext Transfer Protocol Secure) to ensure a secure connection between users and the website. This encryption technology protects sensitive information such as login credentials and personal data from potential hackers. Additionally, HTTPS also verifies the authenticity of the website, preventing any phishing attempts. Overall, the implementation of SSL and HTTPS on PhysicsForums ensures a safe and secure browsing experience for its users.
  • #1
Crake
66
1
Hey there,

I noticed recently that PhysicsForums doesn't use HTTPS, not even in the login/registration pages. I find it to be a major flaw and something that should be addressed to protect the privacy/security of PF members.

Is there a reason for not using HTTPS? Or perhaps it's coming in the next updates?
 
Physics news on Phys.org
  • #2
Changing only part of the site to https is not going to change much.

Greg wants to upgrade the forum, unfortunately, it is not clear which engine to choose. As long as it is not clear, next version of PF is in limbo.
 
  • #3
The NSA/CSS already has all of your personal information on file.
 
  • #5
facebook and google use https urls so its definitely a good idea.
 
  • #6
jedishrfu said:
facebook and google use https urls so its definitely a good idea.
I. Just. Can't. Resist:

jhae2.718 said:
The NSA/CSS already has all of your personal information on file.
 
  • #7
Getting serious, that this site does not user https means your password should be different from that used on more secure systems, and from other unsecured systems as well. It never hurts to be too paranoid when it comes to computer security.

Even with a supposedly secured site, it's a good idea to read the sad saga of Mat Honan: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/.
 
  • #8
The sad thing is that what happened to Matt Honan can happen to any of us no matter what we do. HTTPS makes it more difficult to hack and co-opt a site. Beyond that there are other things that may need to be fixed to make PF more secure.

Also in Matt's case and in others there was a human element of social engineering that completed the hack.
 
  • #9
Borek said:
Changing only part of the site to https is not going to change much.

Greg wants to upgrade the forum, unfortunately, it is not clear which engine to choose. As long as it is not clear, next version of PF is in limbo.

Well, changing only part of the site to https (the login part) might/will protect a users password. I bet some people here use the same password for several sites. One guy with wireshark and ...
 
  • #10
D H said:
Getting serious, that this site does not user https means your password should be different from that used on more secure systems, and from other unsecured systems as well. It never hurts to be too paranoid when it comes to computer security.

Even with a supposedly secured site, it's a good idea to read the sad saga of Mat Honan: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/.

That's a big story! 4 pages... Thanks for the light though, didn't know about it.
 
  • #11
D H said:
Getting serious, that this site does not user https means your password should be different from that used on more secure systems, and from other unsecured systems as well. It never hurts to be too paranoid when it comes to computer security.

Going one further, you should use a different password for each site you have an account on.
 
  • #12
jhae2.718 said:
Going one further, you should use a different password for each site you have an account on.

Yes. That is true. Sites should, however, have an https version, one that supports forward secrecy.
 

FAQ: PhysicsForums and SSL, HTTPS

What is PhysicsForums?

PhysicsForums is an online community and discussion forum for scientists, researchers, and students interested in physics and related fields.

What is SSL?

SSL (Secure Sockets Layer) is a security protocol used to establish a secure and encrypted connection between a web server and a web browser. It ensures that any data exchanged between the two cannot be intercepted or tampered with by third parties.

What is HTTPS?

HTTPS (Hypertext Transfer Protocol Secure) is the secure version of HTTP, the protocol used for communication between a web server and a web browser. It uses SSL to encrypt the data exchanged between the two, providing an additional layer of security for online interactions.

Why is PhysicsForums using HTTPS?

PhysicsForums is using HTTPS to ensure the security and privacy of its users. By using SSL encryption, any sensitive information exchanged on the forum, such as login credentials or personal data, is protected from being intercepted by hackers or other malicious actors.

Is it safe to use PhysicsForums over HTTPS?

Yes, it is safe to use PhysicsForums over HTTPS. The use of SSL encryption ensures that any data exchanged on the forum is secure and cannot be accessed by unauthorized parties. However, it is always important to practice safe internet habits and protect your personal information while using any online platform.

Similar threads

Replies
147
Views
17K
Replies
0
Views
96K
Replies
35
Views
6K
Replies
23
Views
2K
  • Sticky
3
Replies
96
Views
44K
Back
Top