Open mloenow opened 7 years ago
It is baffling that nearly 4 years later, this website (which has a full user login system!) is STILL hosted over http. This is a security BASIC. It is security 101. And the fix is literally all of 5 min to generate a free certificate with certbot. If you are not going to use TLS, then you need to disable logging in because it is actively harmful to your users and unfortunately not everyone knows to use throwaway accounts.
Thanks for making this 💪
I think the site would benefit from having security improved. Unfortunately, people have a tendency to re-use passwords, and as of now, the password and the session cookie can be intercepted on the same network and in man-in-the-middle attacks.
Perhaps you can use Certbot (Let's Encrypt) for this?
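As an added, self-contained illustration of what the two comments above are asking for (this is example code, not the project's own deployment tooling or anything from the issue thread), the script below renders an nginx configuration that redirects plain HTTP to HTTPS, serves the certificate that certbot writes, sends HSTS, and forces the Secure/HttpOnly/SameSite attributes onto every cookie the app sets, so the session cookie can no longer be captured on a shared network or by a man-in-the-middle. It also prints the matching one-time certbot command and lints a rendered config for the four properties. The domain, the upstream address 127.0.0.1:8000, the webroot /var/www/letsencrypt and an nginx version of 1.19.3 or later (for proxy_cookie_flags) are assumptions, not facts from the issue.

```shell
#!/bin/sh
# Added example, not the project's own deployment tooling. Renders an nginx
# configuration that (1) answers ACME challenges and redirects all other HTTP
# traffic to HTTPS, (2) serves the Let's Encrypt certificate that certbot
# writes, (3) sends HSTS so browsers stop using plain HTTP for the host, and
# (4) forces Secure/HttpOnly/SameSite onto cookies the app sets, so a session
# cookie is never sent in clear text even if the app forgets those flags.
# Assumptions (not stated in the issue): the app listens on 127.0.0.1:8000,
# certbot's webroot is /var/www/letsencrypt, nginx >= 1.19.3 (proxy_cookie_flags).
set -eu

render_nginx_config() {
    domain="$1"
    upstream="${2:-127.0.0.1:8000}"
    cat <<EOF
server {
    listen 80;
    listen [::]:80;
    server_name ${domain};

    # certbot --webroot places the HTTP-01 challenge files here; keep this
    # reachable over plain HTTP or renewals fail.
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
    }

    # Everything else on port 80 goes to HTTPS with a permanent redirect.
    location / {
        return 301 https://\$host\$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name ${domain};

    ssl_certificate     /etc/letsencrypt/live/${domain}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${domain}/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    # HSTS: a browser that has seen this header refuses http:// for the host
    # for one year, which closes the downgrade/interception window.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    location / {
        proxy_pass http://${upstream};
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For \$remote_addr;
        # Rewrite every Set-Cookie from the app to carry Secure, HttpOnly and
        # SameSite=Lax, so the session cookie is never sent over plain HTTP.
        proxy_cookie_flags ~ secure httponly samesite=lax;
    }
}
EOF
}

# The one-time certbot invocation that matches the config above. With
# --webroot nginx keeps serving while the challenge is answered; the certbot
# package installs its own renewal timer, and the deploy hook reloads nginx.
certbot_command() {
    domain="$1"
    printf 'certbot certonly --webroot -w /var/www/letsencrypt -d %s --deploy-hook "systemctl reload nginx"\n' "$domain"
}

# Lint: confirm a rendered config still has each of the four properties, so a
# hand-edited copy does not silently lose the redirect or the cookie flags.
check_config() {
    config="$1"
    for needle in 'return 301 https://' 'Strict-Transport-Security' \
                  'proxy_cookie_flags ~ secure httponly' 'ssl_certificate '; do
        printf '%s\n' "$config" | grep -Fq -- "$needle" || return 1
    done
    return 0
}

# Usage: sh tls.sh render example.com > /etc/nginx/sites-available/example.com
if [ "${1:-}" = "render" ] && [ -n "${2:-}" ]; then
    render_nginx_config "$2"
    certbot_command "$2" >&2
fi
```

Order of operations matters: install the port-80 block first (so the ACME challenge path is served), run the certbot command, then reload nginx with the 443 block in place. Until HSTS has been seen by a browser, a first visit still starts over HTTP, which is why the redirect and the Secure cookie flag are needed in addition to the certificate.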