Originally Posted by Elite

pretty sure the passwords aren't stored as plain text lol, their always encrypted, if you mean the data streams containing the passwords, then yeah, they would be.

Originally Posted by Surge

i dunno, tbashboii didn't find it too hard to find TB passwords a couple years ago

Originally Posted by suomynona

Please add HTTPS, please add HSTS.

Some clarification on password stealing: Essentially every password breach has been via phishing or cross site scripting. The passwords are hashed, and cannot be (trivially) recovered from the database. Logins, however, are almost certainly handled as plain text. Hypothetical, a sort of challenge-authentication setup could be implemented, but it would be of relatively low security compared to just using HTTPS.

The presence of HTTP content does not render HTTPS useless. Most of the content anyone would be served over HTTPS, such as logins, PM conversations, and IP data from staff tools.

Random images hotlinked from a non-HTTPS server is not something we have strict control over, though I guess we could disallow such links in the first place.

I have previously requested this, but the developer who had been working on it had difficulties making it work and eventually left.

I would really, really, really like to see HTTPS on the forum.

Originally Posted by Elite

https would be broken if we tried due to the fact a lot of the images on the forum and other sources use http, so it'd be there, but it wouldnt show as secured.