• Welcome to Orpington Astronomical Society.
 

News:

New version SMF 2.1.4 installed. You may need to clear cookies and login again...

Main Menu

OAS website is "Not Secure"

Started by MarkS, Jul 25, 2018, 12:13:16

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

MarkS

My recently updated Chrome browser (version 68) now warns me in the address bar that the OAS website and forum is "Not Secure".

I think that means OAS is not using HTTPS, the secure and encrypted version of HTTP.  So it is plaintext pages that are sent from the OAS server to my computer (potentially hackable en route) rather than encrypted pages which need to be unencrypted on arriving at my PC.

I don't think it's anything to worry about though.  Or is it?

Mark

The Thing

If I was banking on it I'd be worried. As long as the domain isn't hijacked for nefarious purposes such as discussing odd pursuits carried out in the dead of night and with subsequent picture sharing amongst a group of 'like minded' individuals...

ApophisAstros

Quote from: The Thing on Jul 25, 2018, 19:45:06
If I was banking on it I'd be worried. As long as the domain isn't hijacked for nefarious purposes such as discussing odd pursuits carried out in the dead of night and with subsequent picture sharing amongst a group of 'like minded' individuals...
LOL :lol: :lol: :lol:
Roger
RedCat51,QHYCCD183,Atik460EX,EQ6-R.Tri-Band OSC,BaaderSII1,25" 4.5nm,Ha3.5nm,Oiii3.5nm.

Rick

#3
Google seems to want to push use of HTTPS everywhere, but assuming you don't use the same password for O.A.S. sites as you use for your bank or on-liine shopping accounts, I don't see any problem at all with staying on HTTP.

...and going to HTTPS is very likely to involve extra costs, as you need a certificate signed by one or other of the "trusted" authorities, and you probably also need an individual static IP address for each site. For a business, that's probably not a problem...

(I looked into the issue last year, and figured at that point that doing the necessary re-structuring so as to have everything in a single site so that we only needed one certificate would still mean paying at least double the present hosting costs for HTTPS.)