Mike
Well-Known Member
In the next few days (read: maybe tomorrow, maybe a week from tomorrow), I will be making a change to the site, in an effort to kick site security up to the next level. With the one exception that this process will result in any logged-in users being logged out of the site, it will not be necessary for any of you to do anything on your end of the pipe.
If you are using the 'stay logged in' feature, so the site will not require log-ins from you (which is about as insecure as you can possibly make your account), please take note of this change. Once it has been made, you will not be logged in, and will have to log in again. And I know some of you like to log in and then forget the password you selected, so here is a link to show you how to log back in, if you've forgotten your password. I can give you a couple of very good reasons to not use the stay logged in feature, but since you already know more about keeping things secure than I ever will
, why should I bother?
Once this change has been made, all data being transmitted between your browsers and the site server will be encrypted. This will eliminate the possibility of any man-in-the-middle attacks being made on your forum account. This has never happened in the seven-plus years this site has been running, but neither are we going to take any chances with the future.
For those who are curious about this change, I will be installing a Secure Sockets Layer (SSL) certificate on the server. It is actually a very intensive, mathematical process, but here is a nutshell explanation.
When your browser requests a page from the server, the server will respond by sending its public encryption key, along with its certificate. Your browser will then make some checks on the certificate, to make sure it was assigned by a trusted party, to make sure the certificate is not expired, to make sure the certificate has not been revoked for any reason and to make sure the certificate matches this Web site. Once your browser has determined everything is on the up and up, it will then send an encrypted, symmetric key back to the server. The server will then use its own private encryption key to decrypt your browsers symmetric key. Once that has happened, the server will serve the requested page, using full encryption, using the symmetric key. Your browser will then decrypt the page with the symmetric key and will display the requested page on your screen.
It sounds like a lot is going on, and the truth is that it really amounts to much more than that simple explanation would have you think. But the good news is that all of that will be taking place in milliseconds and without you even being aware of what is happening. Everything about the forums will look the same as always, the only difference being that the data passing between your browser and the server will all be encrypted. We're not going to be asking you for an sensitive information about yourself, but once the SSL is in place, anything you share with the site will be secure.
If you are using the 'stay logged in' feature, so the site will not require log-ins from you (which is about as insecure as you can possibly make your account), please take note of this change. Once it has been made, you will not be logged in, and will have to log in again. And I know some of you like to log in and then forget the password you selected, so here is a link to show you how to log back in, if you've forgotten your password. I can give you a couple of very good reasons to not use the stay logged in feature, but since you already know more about keeping things secure than I ever will
, why should I bother?Once this change has been made, all data being transmitted between your browsers and the site server will be encrypted. This will eliminate the possibility of any man-in-the-middle attacks being made on your forum account. This has never happened in the seven-plus years this site has been running, but neither are we going to take any chances with the future.
For those who are curious about this change, I will be installing a Secure Sockets Layer (SSL) certificate on the server. It is actually a very intensive, mathematical process, but here is a nutshell explanation.
When your browser requests a page from the server, the server will respond by sending its public encryption key, along with its certificate. Your browser will then make some checks on the certificate, to make sure it was assigned by a trusted party, to make sure the certificate is not expired, to make sure the certificate has not been revoked for any reason and to make sure the certificate matches this Web site. Once your browser has determined everything is on the up and up, it will then send an encrypted, symmetric key back to the server. The server will then use its own private encryption key to decrypt your browsers symmetric key. Once that has happened, the server will serve the requested page, using full encryption, using the symmetric key. Your browser will then decrypt the page with the symmetric key and will display the requested page on your screen.
It sounds like a lot is going on, and the truth is that it really amounts to much more than that simple explanation would have you think. But the good news is that all of that will be taking place in milliseconds and without you even being aware of what is happening. Everything about the forums will look the same as always, the only difference being that the data passing between your browser and the server will all be encrypted. We're not going to be asking you for an sensitive information about yourself, but once the SSL is in place, anything you share with the site will be secure.
