Suggestion: SSL Support
 

Hello vBulletin team,

it would be great if you could enable SSL Support on vbulletin.org. :)

I think that's unlikely - for what reason would you want it ?

For Security & Privacy reasons.

Sorry but that's a pretty vague answer, what security and privacy reasons exactly ?

If I change/enter my password it flows unencrypted over the internet, HTTPS would be useful there for example. The next point is that my nickname also flows unencrypted over the internet and that harms my privacy.

vbulletin does not send unencrypted passwords over the net, they are hashed using MD5.

As for your nickname - are you serious - what possible harm to your privacy does that cause (given that everyone who visits the site can clearly see it).

(I take it you don't use e-mail, given how highly insecure that actually is).

Ok.

But ... insecure in some kind. (you could capture the MD5 checksum and run it via brute force against a wordlist) ;)

I fear our ISPs in combination with our goverments and the data retention laws not the vB.org visitors/members.
I use TLS and PGP.

"Just because you're paranoid doesn't mean they aren't after you" - Kurt Cobain :p

You might use TLS, SMTP servers don't use it to send your e-mail from server to server.

If you are that paranoid then maybe you shouldn't be on the internet. ;)

SSL support would be a good alternative to MD5 coding in most of the very-secure situations...

for the reason you list, you may have a good point... maybe it would be good for you to hire a professional coder with a good knowledge of security and SSL so he/she can recode the parts you may require to be recoded like the login and general authentication system... it's not quite complicated to rebuild, it's just changing a MD5 structure to a SSL one...

He's asking for this on vB.org, not his own site :p.

i think he refered vb.org to vbulletin itself, as in this last post he refer to his own ISP and government ... so i think he is asking for a solution, not only here... anyway... this is possible, even if mostlikely useless...

I thought https had little or nothing to do with the software. I thought it was all taken care of on the server side by apache (or whatever) and when it was setup you just called https:// instead of http://

http:// is often hardcoded into bits of software (inc vbulletin).

Well, don't do that. I mean, what if the FBI or some corporate secret obsessed company wanted to use vBulletin? I'm not saying vBulletin should go nuts about such stuff, but not hard-coding http when a simple $protocal variable would do seems common sense. Of course, this is really something that should go to vb.com, and has nothing to do with vb.org...

Is this a joke? Dude, people post their addresses and full info on the net founded by google, i doubt anyone is gona steal your forum identity. :)

I hate to see a good quote attributed to that hack...

"Just because you're paranoid doesn't mean they aren't after you." - Woody Allen, Take The Money and Run (1969)

Why the hell are you even on the internet? You do know Paul and other staff members can see your IP, with your IP find your location and ISP. Also if they had the correct software and hardware, they could get your exact location of your internet connection (house) then spy on you. I mean heck, while your here its even possible that a few worms were sent to your computer.

Since your a security freak, may i ask what do you have for the following: Firewall, antivirus, house security and what browser do you use?

I am not harrassing you, im trying to wake you up and find out things for myself.

You can use a proxy server to hide your IP. Many people do, and we're not nuts. I look around at a world where 33 students got shot to death yesterday, and I know that I have no idea who I am really dealing with when I argue with people online. Nothing personal, but I'd really rather not have you be able to google earth my house from my IP :p I've also grown pretty careful about my email - I have a 'spam' email account I use to register pretty much everywhere because any 'real' account gets picked up by spam crawlers in no time flat.

Using a proxy wont hide your IP, infacts its less secure. The person who owns the proxy, he has access to log everything almost, he can take track of your cookies, ip and more!

Depends on the proxy server. Most 'good' ones will hide your ip address though.

If you're really paranoid you may want to consider using Tor or one of the other similar projects. It isn't 100% secure but it's about as close as you're going to get. Too bad it's not very dial-up friendly.

But, on the SSL/HTTPS front - I've worked with many corporate clients over the years that won't even talk to you if you aren't providing an HTTPS solution. It doesn't matter if it makes sense, some IT guy works their management into a frenzy and it becomes a MUST have.

You didnt read what i said? I said the proxy owner has your IP.

Since for the most part proxy servers exist to hide IPS (it's almost their entire purpose), then it would take a court order in most cases to get my real ip from the proxy service. At that point I've probably done something illegal and deserve it. I'm not trying to protect myself against the government - just the random psycho with the ability to use Google Earth ;)

He may have my IP but he can not 'sniff' my traffic if I take the steps needed to make sure he can't.

People freak out too much over their IP address anyway. Mine changes multiple times a day and only my ISP knows which IP address I was using at the time. In other words even if you do get a hold of my IP you're not going to find out much about me.

Most people will willing hand over personal information anyway. You'd likely find out more about me by searching these forums then you would attempting to locate me based on my IP.