# No HTTPS? Really?



## pdx8080 (May 30, 2014)

Subject line says it all.


----------



## Mike Lang (Nov 17, 1999)

https connections not working right?


----------



## pdx8080 (May 30, 2014)

Thanks, Mike. I hope one day it is possible to find a way to provide HTTPS without causing so much collateral damage! 

I didn't mean to appear rude, but I was genuinely surprised.


----------



## Adam1115 (Dec 15, 2003)

I think I can live with the fact that the forum is not SSL.

But it really seems insane - and eats away at me that I'm expected to send my login credentials over a non-ssl connection.

Isn't it possible to at least encrypt our login session>?


----------



## pdx8080 (May 30, 2014)

Adam1115 said:


> I think I can live with the fact that the forum is not SSL.
> 
> But it really seems insane - and eats away at me that I'm expected to send my login credentials over a non-ssl connection.
> 
> Isn't it possible to at least encrypt our login session>?


I agree with this completely. At least the login session _should_ be encrypted if nothing else.


----------



## BrettStah (Nov 12, 2000)

I'm not disagreeing with the importance of using HTTPS, but in the meantime:

Use a unique password for this site (which should be done for all sites anyway), and enable the two-step authentication option this site offers - http://www.tivocommunity.com/community/index.php?account/two-step


----------



## Adam1115 (Dec 15, 2003)

What's two step going to do if they grab the authenticated cookie that keeps you signed in?


----------



## BrettStah (Nov 12, 2000)

Adam1115 said:


> What's two step going to do if they grab the authenticated cookie that keeps you signed in?


Good point. On an insecure network a VPN should be used.


----------



## pdx8080 (May 30, 2014)

BrettStah said:


> Good point. On an insecure network a VPN should be used.


But that speaks to _precisely_ the point we're trying to make. In this day and age, it should not be necessary to use a VPN to accomplish something as common* as encrypting a login session. How many other forums offer at least encrypted login, even if the rest of traffic is not encrypted? Lots. This site should not be lumped in with others (such as banking, shopping, etc.) that an average user who is not equipped with a VPN should avoid while traveling and using a network of questionable security. Perhaps an eventual wholesale replacement of forum software is needed, if the current software is not up to the task?

And, for the record, my password is both random and unique, and accessed solely over a secure network.

Granted, there's not anything financial or otherwise sensitive here that would require full encryption. My point is that it's particularly jarring to have your password manager warn you of an insecure login being submitted when that does not happen for _*any*_ other site. If not for that, I'd probably have been completely unaware, and this thread would not exist.

*I was originally going to say 'simple' here, but 'common' expresses the sentiment much more accurately.


----------



## Adam1115 (Dec 15, 2003)

I'm not even sure how I'd use a vpn with Tapatalk.


----------



## BrettStah (Nov 12, 2000)

Adam1115 said:


> I'm not even sure how I'd use a vpn with Tapatalk.


On an iPhone at least, you'd connect to a VPN through settings, and then use the app.


----------



## jcondon (Jul 9, 2003)

Glad to see this has been resolved. Great work. So far so good haven't noticed anything weird.


----------



## Adam1115 (Dec 15, 2003)

Thanks so much!!!


----------



## DancnDude (Feb 7, 2001)

Works great! Thank you!


----------



## danm628 (May 14, 2002)

Thank you. There a couple of public hotspots I can use now. Wouldn't without SSL. 

Glad you are back David.


----------



## boywaja (Sep 30, 2001)

Thanks David, and any others who worked on this. I appreciate it.


----------



## eddyj (Jun 20, 2002)

Yay!


----------



## BrettStah (Nov 12, 2000)

Yeah, thanks for this - much appreciated!


----------

