Will you ever enable https?

  • Advertise with us

« back to Site Feedback forum

Forum topic by mtkate posted 05-23-2011 11:10 AM 1171 views 0 times favorited 7 replies Add to Favorites Watch
View mtkate's profile


2049 posts in 3325 days

05-23-2011 11:10 AM


I keep on loving this site – and hoping some day you can add that small extra layer of security so we are not all logging in with plain text.

No offence to the other LJs, but I know many don’t understand the significance of this and it would be a shame if personal information got compromised by accident.

I am truly amazed there has not been a horrible incident – so kudos to however you are managing it now but the luck cannot last.

Thoughts for improvement…. will make alll us paranoid techies feel a touch less exposed ;)

Merci for the consideration.

7 replies so far

View Alan S's profile

Alan S

181 posts in 3317 days

#1 posted 05-23-2011 05:29 PM

I vote for this too! Password security is definitely something to take seriously.


View Bertha's profile


13528 posts in 2693 days

#2 posted 05-23-2011 05:34 PM

There’s a lot of traffic here. I certainly wouldn’t want to be in charge of wrangling it!

-- My dad and I built a 65 chev pick up.I killed trannys in that thing for some reason-Hog

View GregD's profile


788 posts in 3136 days

#3 posted 05-23-2011 07:05 PM

What personal information? Email address? The information I’ve given to LJ is not very sensitive and I suspect that is typical.

Now, re-using your LJ password for your online bank or other site with actual sensitive data would be a big risk, but for far more reasons than the plain text passwords.

What am I missing?

-- Greg D.

View dbhost's profile


5712 posts in 3232 days

#4 posted 05-23-2011 07:15 PM

In the IT security world, the question isn’t “Are you paraanoid?” The question is… “Are you paranoid enough?”

I know that sounds like an odd thing to say, but the point is, the OP is right, it would be best to be proactive in security, instead of reactive. The big issue would be obtaining the SSL certificate in the first place. You either have to get one from a “trusted” certificate authority like Thawte, which for a small operation can be cost prohibitive, or get your users to add an untrusted authority in their browsers, which many security conscious users will refuse to do…

-- Please like and subscribe to my YouTube Channel

View SteveMI's profile


1094 posts in 3294 days

#5 posted 05-23-2011 07:17 PM

What would be the value of a password to get on LJ?

As Greg D points out, an email or website address is all that is available.

If you are concerned, join under an alias with a gmail account.


View Alan S's profile

Alan S

181 posts in 3317 days

#6 posted 05-24-2011 10:11 PM

I’m not talking about requiring a password to view lumberjocks, and I don’t think mtkate is either. The problem occurs when you do decide to log in.

The point is, a huge number of people use the same password for every computer account they own. This isn’t a good policy, but it happens. So, if someone’s LJ password gets compromised that is the same as their email password, an attacker can get into their email, which is a dangerous thing.

View Dan Lyke's profile

Dan Lyke

1520 posts in 4125 days

#7 posted 05-25-2011 12:56 AM

I’m with GregD and SteveMI: If you’re using the same password on LumberJocks as on higher value sites, then you’re engaging in risky behavior that LumberJocks enforcing https will not protect you from.

-- Dan Lyke, Petaluma California,

Have your say...

You must be signed in to reply.

DISCLAIMER: Any posts on LJ are posted by individuals acting in their own right and do not necessarily reflect the views of LJ. LJ will not be held liable for the actions of any user.

Latest Projects | Latest Blog Entries | Latest Forum Topics