Force SSL on the site

[Pixel]

Get a free SSL certificate using the new CA, LetsEncrypt.
Set up SSL on this site and re-direct all "HTTP" requests to their "HTTPS" equivalents.

Why?:
- No man-in-the-middle attacks (give or take the NSA)
- PageRank of the site will go up by 1
- It's free and takes under 20 minutes to set up

Cloudflare's SSL is useless as illustrated below.
"=>" is a request/response over SSL
"-->" is an unencrypted request/response, aka the weakest link

Client => Cloudflare --> Server --> Cloudflare => Client

 

[Overlord]

Get a free SSL certificate using the new CA, LetsEncrypt.

Yeah... Because that's a great system. I'd rather a $10/yr PositiveSSL certificate that is going to be compatible with just about all devices, including old ones. LetsEncrypt is non-standard, non-reliable technology.

Set up SSL on this site and re-direct all "HTTP" requests to their "HTTPS" equivalents.

Search engines are gonna love the 301 redirects!

- No man-in-the-middle attacks (give or take the NSA)

Banks, PayPal, payment websites, all need that kinda stuff. Businesses, companies. I doubt a MCM account is valuable to anyone trying to commit MITM attacks. 2FA is enough. Minecraft is a market dominated by lowballing, even a serious, non-child scammer would run away from here. If he got a free account he'd likely dump it and wish he never found it. They want bank details, something valuable. I mean, unless some idiot here actually uses the same password and information combination globally, it's no harm. Plus, the chances of MITM attacks on members here are low (I lied, they're very high, but no cases of it reported, actually, so it's useless to present that as a reason).

BTW. Nobody on this forum qualifies to interest NSA, even though I'm aware you were joking.

- PageRank of the site will go up by 1

Yeah, that's actually the good benefit. Not pagerank going up by 1, that's bullcrap. That's not what happens. Google, however, is promoting SSL (technically TLS, but we refer to it as SSL since the word has been associated with protocol HTTPS) use. So it'd give a boost in SEO. However, pagerank doesn't go up by 1 for that lol.

- It's free and takes under 20 minutes to set up

Aside all the problems of using HTTPS, insecure warnings, having to proxy images and wasting bandwidth, lack of sites you can embed media from, a huge hit on advertisement income, the list is endless.

It's a pain in the butthole, and for a site like this, it's not necessary. Mick is gonna be cleaning up the scraps if he put this one through, probably sit in the corner and cry and wish he never made the decision. Of course, reverting back afterwards would make Google hate you even more, as well as user caches for the site messed up.

Cloudflare's SSL is useless as illustrated below.
"=>" is a request/response over SSL
"-->" is an unencrypted request/response, aka the weakest link

Actually, it isn't useless. Your request to the server is encrypted. It's not encrypted from CloudFlare to the origin server (MCM's server).

Regardless, the same issues happen. There isn't really any point of using CloudFlare's flexible SSL though, not because it's unsafe, but because it's an even bigger hassle to deal with.

Client => Cloudflare --> Server --> Cloudflare => Client

It'd be the same if he used full SSL and not flexible SSL. Requests are processed through CloudFlare's servers, if using CloudFlare, which this site is. On that note, this site's CloudFlare usage is really dumb. They're using CloudFlare in a really dumb way, the setup is extremely retarded and inconvenient to users, not a problem to malicious attackers.[DOUBLEPOST=1451102385,1451101938][/DOUBLEPOST]BTW, I think SSL is suggested just for the sake of it. I don't think people truly understand what it is, what the benefits and negatives of it are, and believe me, for some sites there are more negatives than positives. MCM isn't a site that needs it, most forums don't either. 2FA does exist, users can use that if needed.

 

[VybrusHosting]

I would say go SSL since most/all people trust it and it would also give good rankings on google since they look for that. Cloud Flare is ok but not the best way to protect anything since it is flimsy.

 

[Mick]

Thank you for this suggestion. We will look into this.