TLS Certificate for Forums

P

Prime_Evil

Emperor Mongoose
It looks like the SSL / TLS certificate for the Mongoose forums expired back expired back on 4/18/2019. This is a potential security risk since usernames and passwords are being transmitted in cleartext. Fortunately, this is a different certificate to the one used by the web store (which expires on 2 November 2019), but I'm willing to bet that a lot of people use the same credentials for both. Are there plans to update the forum certificate and put in a rewrite rule to redirect insecure HTTP connections to HTTPS?
 
I'm sure password reuse is not limited to the Mongoose sites. The user may have the same password for everyone else's store, and Paypal too.

An http login is a problem for the whole internet, as a leak affects the security of that user on another company's site, and the user will naturally blame that site even though the leak came from elsewhere.
 
You must log in or register to reply here.

Similar threads

MongooseMatt
State of the Mongoose 2018
2
Replies
38
Views
52K
MongooseMatt
MongooseMatt
P
Alternate rules for Passenger Travel
Replies
15
Views
4K
IanW
I
W
Solo Traveller - thoughts
Replies
8
Views
4K
maddormo
maddormo
MongooseMatt
  • Locked
The State of the Mongoose 2010
Replies
0
Views
18K
MongooseMatt
MongooseMatt
D
Krish Campaign: T8 Battle for Demeter AAR
Replies
7
Views
2K
basaint
B
Back
Top