Hello Steven - do you have any plans to implement HTTPS/SSL?
73' Wolfgang
Hi HB9RYZ, for now there are no plans, as it's complex to implement and won't bring any advantages for now. It's possible to do it already using a reverse proxy. But as the implementation would take time, I don't think it has significant advantages. In the future maybe, but for now no plans on this.
Quote from: magicint1337 on Sep 17, 2024, 10:55 PM
Hi HB9RYZ, for now there are no plans, as it's complex to implement and won't bring any advantages for now. It's possible to do it already using a reverse proxy. But as the implementation would take time, I don't think it has significant advantages. In the future maybe, but for now no plans on this.
I'm using a proxy for this. Unfortunately, this also blocks the ports that are sent to the SDR list. Can you tell me the ports that need to be opened for this? Then I can adjust the routing accordingly with HTTPS.
Thank you :)
Sorry to say it blunt....why https on a public server that has no sensitive data whatsoever.
It simply doesn't compute in my brain.
We sell....euh nothing....
We produce....euh the same for all users.....
We store....euh.....nothing.
We hide.....euh.....nothing.
We give links....euh....nope...chatbox maybe, but still won't help if stupid people click on them.
The only thing that https may do *****WE ARE STUPID TO SERVE YOU A FREE SERVICE!!!***** euh, nope....still no good reason to complicate things.
There is simply no reason to use secure transmissions....there isn't. ;D
If people say, it's not https so I can not trust it.....MY RESPONSE IS: DO NOT USE IT! ;D 8)
Quote from: Bas ON5HB on Sep 23, 2024, 06:08 PM
Sorry to say it blunt....why https on a public server that has no sensitive data whatsoever.
It simply doesn't compute in my brain.
We sell....euh nothing....
We produce....euh the same for all users.....
We store....euh.....nothing.
We hide.....euh.....nothing.
We give links....euh....nope...chatbox maybe, but still won't help if stupid people click on them.
The only thing that https may do *****WE ARE STUPID TO SERVE YOU A FREE SERVICE!!!***** euh, nope....still no good reason to complicate things.
There is simply no reason to use secure transmissions....there isn't. ;D
If people say, it's not https so I can not trust it.....MY RESPONSE IS: DO NOT USE IT! ;D 8)
That's not quite right, Bas. I have privatized my server in Germany using authentication. This means that only users with a username and password can access my server.
This means that when users log in, a window appears saying that the data is being transferred unencrypted... etc.
The API for the sdr-list is on a reverse proxy, which should be on port 443.
And for this case always use https, as it makes sense then. If it's public then it doesn't make sense.
Quote from: HB3XVQ on Sep 23, 2024, 07:25 PM
That's not quite right, Bas. I have privatized my server in Germany using authentication. This means that only users with a username and password can access my server.
This means that when users log in, a window appears saying that the data is being transferred unencrypted... etc.
It still makes no sense, as the data isn't highly sensitive. And the user and pass information is sent encrypted anyway, with or without https.
It's not like somebody can steal a few samples and get rich off it ;D
Also, to encrypt all of it will put a lot of extra load on the CPU, I doubt you can keep 30MHz bandwidth when you try.
Else try to do it with Squid-Proxy, that is able to convert it via tunnel.
There is another advantage to https, even if your site does not carry sensitive information. It is authentication, so a hacker in the middle cannot inject fake data to harm your visitors or a third party.
There was an incident in the 2010s in which an attacker was altering JavaScript code from plain http websites in order to cause visitors to DDoS the site of a third party. It was tricky, as the original websites had clean code, but the bad guys were able to weaponize the data en route. It was so slick that visitors didn't know their browsers were being secretly turned into a DDoS weapon.
LOL I found an article describing what happened. It was China running a tool dubbed the "Great Cannon" (https://citizenlab.ca/2015/04/chinas-great-cannon/) to hit sites sharing anti-censorship tools.
I don't know if there is an easy way to set it up behind a reverse proxy; on a regular static domain it is pretty easy and not much of a CPU hog on modern equipment.
I'm with Bas on this one. For the most part, we are simply running a service and there's no confidential data moving back and forth.
How many incidents have we read about where someone had their life compromised by using the old websdr system running http?
Respectfully & 73,
Phil - NY4Q
Quote from: Phil - NY4Q on Nov 02, 2024, 08:28 PM
I'm with Bas on this one. For the most part, we are simply running a service and there's no confidential data moving back and forth.
How many incidents have we read about where someone had their life compromised by using the old websdr system running http?
Like this....Phil, you have a websdr....I found a way to empty your bank account!!!
Come on...too stupid for words ;D
What they do today....send you an email, with a fake website of your bank...sure it's https...let's make people more stupid than they already are!
They see https...all the rest is ok....and those idiots don't see it's not the url of their bank....but hey, it's https and they give all details.
Forrest Gump said: Stupid is as stupid does....he was wrong...making people stupid is more horrifying...like their brains don't work anymore.
HTTPS....okay, I'm stupid and I will give all details, as HTTPS is secure....stupidity is normal these days.