Connection not private

[NWGunner]

Wait...are you saying I wasn't supposed to enter my social security#, bank account #'s, and mother's maiden name when I logged in?

No, but if you PM that info to me, I can fix it for you

[Sinus211]

PM sent. I included my safe combo just in case that's pertinent.

[steveo_1704]

Not SSL sites transmit log-in in plain text. A sniffer can grab that info. For the MOST part, that person needs to be on your network with you in order to sniff. If you have it setup to auto-log in each time you visit, then you are still secure(ish), as it's the cookie that is logging you in and not the plain text information.

As far as SSL on the site, it's coming. I put it on a few months back and it basically broke everything, so some additional care needs to be taken to emulate it. Also need to work with the forwarders, so that all the old links on this site that are http: don't become dead once we move to https:

You should be able to use nginx as a reverse proxy to serve the same content on port 443 with https encrypting the session. https://letsencrypt.org/ has made this remarkably easy.

https://letsencrypt.org is not to hard to setup, depending on the server's os.

[jdhbulseye]

Why are half the posts in this thread in Greek? ....Fucking NSA.