Welcome Guest ( Log In | Register )

Bump Topic Add Reply RSS Feed

Outline · [ Standard ] · Linear+

 Despite in HTTPS, replies still not secured

views
     
wKkaY
post Aug 5 2011, 02:46 AM

misutā supākoru
Group Icon
VIP
6,008 posts

Joined: Jan 2003
Thanks, never noticed that because the correct URL is produced when a moderator views the forum over HTTPS.
wKkaY
post Aug 6 2011, 09:44 PM

misutā supākoru
Group Icon
VIP
6,008 posts

Joined: Jan 2003
This should be fixed now.

In addition, I have provided a HTTPS Login option at the login page - http://forum.lowyat.net/index.php?act=Login&CODE=00

And a "Always browse with HTTPS" option at the board settings - http://forum.lowyat.net/index.php?act=UserCP&CODE=04

Can you give it a try?
wKkaY
post Aug 6 2011, 11:58 PM

misutā supākoru
Group Icon
VIP
6,008 posts

Joined: Jan 2003
QUOTE(everling @ Aug 6 2011, 11:48 PM)
There's a minor problem when you're in HTTP and then you try posting or searching with the HTTPS option checked, the forum will send you back to the index page. But it works fine if you're already browsing in HTTPS.
*
That's because we redirect you to https:// if you happen to stumble upon a http:// link. That glitch will be rare in the field I hope. It can happen if you have two windows open and login with the HTTPS option in window A while window B is still on HTTP.

Added on August 7, 2011, 12:03 am
QUOTE(everling @ Aug 6 2011, 11:48 PM)
I think this behaviour isn't optimal, because the user must know of the HTTPS option. Once your announcement expires or if people never read it (like first time visitors in 2012), they won't be able to use the forum's HTTPS option. It would be much better to default to an "Auto" option, where the forum doesn't care whether you use HTTP or HTTPS.
*
Point taken. I made this decision because IE8 and below pops up a prompt about mixed ssl/non-ssl content. IE9 handles it more gracefully. I'll think about what I can do about this.
wKkaY
post Aug 7 2011, 04:58 PM

misutā supākoru
Group Icon
VIP
6,008 posts

Joined: Jan 2003
Ah crap. I forgot to test that (because I hardly close my browser).
wKkaY
post Aug 8 2011, 08:42 PM

misutā supākoru
Group Icon
VIP
6,008 posts

Joined: Jan 2003
Actually chrome will show a yellow icon if images are loaded from http:// sites.

The crossed padlock is due to our use of http:// scripts from our advertising providers, which don't have HTTPS support. We're out of luck here, because we do need the ads to be shown. But if you use IE9, it will conveniently avoid them wink.gif
wKkaY
post Aug 9 2011, 12:32 AM

misutā supākoru
Group Icon
VIP
6,008 posts

Joined: Jan 2003
QUOTE(everling @ Aug 8 2011, 10:02 PM)
I don't understand why it is that way. HTTPS secured JavaScript scripts can still be super evil and malicious scripts.
*
In the event of an MITM, a script is provided a larger attack surface (think DOM manipulation, HTTP requests, etc) than multimedia are.

Added on August 9, 2011, 12:34 am
QUOTE(saturn85 @ Aug 9 2011, 12:00 AM)
yes, i m using google chrome.
still not very clear how https works. rclxub.gif
possible for the page to have this?: user posted imageuser posted image
*
Sorry, we can't make it green. But I assure you that your browsing with https:// is at worst as secure as http://
« Next Oldest · Feedback and Helpdesk · Next Newest »
 

Add ReplyOptions
 

Change to:
| Lo-Fi Version
 0.0177sec    0.49    6 queries    GZIP Disabled
Time is now: 6th December 2025 - 04:56 AM
All Rights Reserved © 2002- 2025 Vijandren Ramadass (~unite against racism~)
Removal Request
Powered by Invision Power Board © 2025  IPS, Inc.