[✔] Secure connection to the site

by **Silly Tiny Frog** » Tue Sep 19, 2017 6:08 am

The one thing that has bugged me since the day I joined is the lack of secure connection to the site. Is there any particular reason it hasn't been enabled? I know it isn't completely without problems to set it up but I hope it will be fixed soon.

by **galled** » Tue Sep 19, 2017 8:44 am

Windlyn is in Beta and other than passwords, there isn't or shouldn't be any other sensitive data being passed along, so rest easy.

Windlyn is hosted on a shared server that has a current security certificate. It expires in 2018. We will look at adding Windlyn to the renewal at that time. Keep in mind, multi domain security certificates are expensive, especially for a site that generates virtually no income.

by **Silly Tiny Frog** » Tue Sep 19, 2017 9:21 am

I know that in some cases you can use a free security sertificate like from Let's encrypt! so I was wondering -- but I don't know what kind of limitations there are and especially on shared space etc.

Anyhow, glad to hear about this and thank you a lot for the quick reply!

by **galled** » Tue Sep 19, 2017 10:11 am

I'd never heard of Let's Encrypt. It may be an option, but I see they won't support wildcard domains until Jan 2018.

Oh, and they're only valid for 90 days... hey, but it's free!

I'll have to research it a bit more, but if they're like self-signed certificates they are not really secure (no chain of trust established with them) because they are user generated. (Anyone can generate them--making them insecure, unless you trust the site in the first place--which makes it kinda pointless if you do already).

Best bet, and this applies with any web site, use different passwords, un-check "keep me logged in" on public devices, regularly scan your device for viruses and spyware.

Anyway, thanks for the lead!

by **galled** » Fri Sep 29, 2017 12:50 pm

Hello Silly Tiny Frog
Thanks to your suggestion, we were able to update Windlyn to use secure connections!

Please give it a try.

Thanks again!

by **Akuyi** » Sat Sep 30, 2017 6:41 am

Yaay!

by **Akuyi** » Fri Mar 09, 2018 3:15 pm

Is it normal that the default is http and you have to replace it by https per hand if you wish to use a secure connection?

by **galled** » Fri Mar 09, 2018 7:44 pm

It has been the standard for the web--and only forwarding people to https for things like shopping carts etc.. However some sites in recent years have been forcing https for everything.

by **Akuyi** » Sat Mar 10, 2018 5:34 am

Ah, I see!

by **galled** » Sat Jan 12, 2019 12:10 pm

OK, we've added https everywhere, so everyone will be redirected to https connections regardless of whether you type in http, https or nothing at all.

by **Akuyi** » Sat Jan 12, 2019 2:28 pm

Neat! Thanks galled!

by **galled** » Sat Jan 12, 2019 2:53 pm

You're welcome! :L_Wing: