Website SSL and Chrome Warnings

Posted: Wed Mar 21, 2018 2:44 pm
by Satelle
This is mainly a thread to capture concerns about the lack of SSL on the FA Website. Adding a proper cert that will not produce errors in web browsers (e.g., one backed by a Certificate Authority and not one that is self-signed) would add a yearly extra charge to hosting.

The risk of personal damage when using this site from man-in-the-middle interception of the data we process here is something everyone should personally assess. A few pointers:
  • You should not be using a password here for login that you use anywhere else. Period. Use a unique one you don't use elsewhere.
  • SSL protects data in transit only, so it's good for when you're accessing the site over an untrusted network (like Starbucks, public Wi-Fi, etc.).
  • SSL does not protect data at rest. The passwords here are encrypted in the database, but posts, etc., are not.
  • Having a VPN solution for when you are doing anything on an untrusted network is cheaper than an SSL cert, and would protect you with everything. It would not stop web browser warnings, but your data would be protected anyway. That is the way to go if you have specific concerns.
I'm not against buying the cert, but want people to look at the risks realistically and understand the other mitigation options. If you have a specific concern, please PM me here or post below if you like.