Main Restorations Software Audio/Jukebox/MP3 Everything Else Buy/Sell/Trade
Project Announcements Monitor/Video GroovyMAME Merit/JVL Touchscreen Meet Up Retail Vendors
Driving & Racing Woodworking Software Support Forums Consoles Project Arcade Reviews
Automated Projects Artwork Frontend Support Forums Pinball Forum Discussion Old Boards
Raspberry Pi & Dev Board controls.dat Linux Miscellaneous Arcade Wiki Discussion Old Archives
Lightguns Arcade1Up Try the site in https mode Site News

Unread posts | New Replies | Recent posts | Rules | Chatroom | Wiki | File Repository | RSS | Submit news

  

Author Topic: Support TLS (HTTPS)  (Read 10286 times)

0 Members and 1 Guest are viewing this topic.

marekk

  • Trade Count: (0)
  • Jr. Member
  • **
  • Offline Offline
  • Posts: 3
  • Last login:February 02, 2020, 10:43:50 am
  • Building my first cabinet!
Support TLS (HTTPS)
« on: September 06, 2018, 07:11:31 pm »
Hi! I'm a new member here (been a lurker for a while) so my apologies if this has come up before. I saw this mentioned over in this thread earlier this year but couldn't find a direct thread on this question.

Has there been discussion on adding TLS (HTTPS) support to ArcadeControls -- both the main website and forum?

Services like Let's Encrypt now exist and offer completely free certificates; this removes the cost barrier that once existed. Besides allowing users of the forum to authenticate (eg, login) securely without potentially compromising their credentials, it is really important that users of this site/forum aren't susceptible to man-in-the-middle attacks when using the site on untrusted networks (eg, coffee shops, hotels, etc). Additionally, browsers very soon will stop allowing users to navigate to http sites in the near future -- Google is pushing the entire web (via Chrome) to enable HTTPS everywhere. Chrome now shows a "Not Secure" message next to the URL bar and at a later date, users will likely be getting warning pages telling them that the site they are trying to visit is not secure (similar to what you get today with a bad certificate).

Here is more information on why this is important:
- https://www.troyhunt.com/heres-why-your-static-website-needs-https/
- https://scotthelme.co.uk/https-anti-vaxxers/

I'm happy to help the admin(s) here with this as I have experience getting this setup in this area.