HTTPS

I noticed that the yiiframework website isn’t HTTPS. Does it mean that our login credentials could be hacked by someone?

There’s such possibility if you’re in a cafe using public wifi w/o VPN.

really? I think that the owners of this site should buy a SSL certificate. It’s only 50 euros per year.

It’s even free with StartSSL. I however suspect there’ll be problems with assets serverd by CDNs among other issues. Would still be cool if this could happen one day B)

Noted.

Ah, while we’re at it: There’s also the Let’s Encrypt initiative backed by Mozilla et al.

I agree, it would be good to have SSL for authentication pages.

As this may be interesting to others as well: There is a SSL Config Generator serving as some sort of counter-piece to SSL-Labs’ Online Test.

Edit: And there’s cipherli.st