I just realized that SSL/TLS is not supported for discuss.emberjs.com. It seems even login credentials are sent in clear text over the wire (see screenshot below).
Would it be at all possible to fix this?
2 Likes
In the meantime, you can log in with Google to get full two factor auth plus HTTPS in the login phase. Remember you can log in with any supported method that maps to the same verified email address.
Yeap, I did test that.
FWIW I generally am very cautious of using Open Auth logins, IE I never use them. Some more less reputable sites that uses OAuth extract data about you (or worse) from the OAuth provider. I prefer to use 1Password and have unique passwords.
My paranoia aside, is configuring SSL/TLS for this app something that is likely to happen? Is there a blocker other than $$?
1 Like
There are free certificates here: https://letsencrypt.org/
Nginx snippets for SSL and redirection from plain HTTP are easily available.
1 Like
Discovered this today and kind of totally surprised me. Any news on this?
1 Like